AMBARI-6627 - Views : Admin - Add custom permissions
Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/11336361 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/11336361 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/11336361 Branch: refs/heads/trunk Commit: 11336361fa4b0e180961f29b95802bb51090c196 Parents: 8536204 Author: tbeerbower <tbeerbo...@hortonworks.com> Authored: Sun Jul 27 09:33:45 2014 -0400 Committer: tbeerbower <tbeerbo...@hortonworks.com> Committed: Tue Jul 29 08:01:54 2014 -0400 ---------------------------------------------------------------------- .../resources/ResourceInstanceFactoryImpl.java | 4 + .../ViewPermissionResourceDefinition.java | 58 +++++ .../ViewVersionResourceDefinition.java | 7 +- .../api/services/ViewPermissionService.java | 185 +++++++++++++ .../server/api/services/ViewVersionService.java | 13 + .../ambari/server/controller/AmbariServer.java | 7 +- .../internal/DefaultProviderModule.java | 2 + .../internal/PrivilegeResourceProvider.java | 23 +- .../ViewPermissionResourceProvider.java | 178 +++++++++++++ .../ambari/server/controller/spi/Resource.java | 4 +- .../apache/ambari/server/orm/dao/MemberDAO.java | 9 +- .../ambari/server/orm/dao/PermissionDAO.java | 20 +- .../ambari/server/orm/dao/PrivilegeDAO.java | 25 +- .../server/orm/entities/PermissionEntity.java | 15 +- .../server/orm/entities/ResourceTypeEntity.java | 21 ++ .../ambari/server/orm/entities/ViewEntity.java | 47 ++++ .../ambari/server/view/ViewContextImpl.java | 43 ++- .../apache/ambari/server/view/ViewRegistry.java | 172 +++++++++--- .../view/configuration/PermissionConfig.java | 39 +++ .../server/view/configuration/ViewConfig.java | 15 ++ .../main/resources/Ambari-DDL-MySQL-CREATE.sql | 1 + .../main/resources/Ambari-DDL-Oracle-CREATE.sql | 1 + .../resources/Ambari-DDL-Postgres-CREATE.sql | 1 + .../Ambari-DDL-Postgres-EMBEDDED-CREATE.sql | 1 + .../ViewPermissionResourceDefinitionTest.java | 49 ++++ .../ViewVersionResourceDefinitionTest.java | 7 +- .../api/services/ViewPermissionServiceTest.java | 100 +++++++ .../ambari/server/view/ViewRegistryTest.java | 70 +++-- .../configuration/PermissionConfigTest.java | 69 +++++ ambari-views/examples/pom.xml | 1 + .../examples/restricted-view/docs/index.md | 261 +++++++++++++++++++ ambari-views/examples/restricted-view/pom.xml | 89 +++++++ .../view/restricted/RestrictedResource.java | 57 ++++ .../view/restricted/UnrestrictedResource.java | 49 ++++ .../restricted-view/src/main/resources/view.xml | 38 +++ .../apache/ambari/view/SecurityException.java | 44 ++++ .../org/apache/ambari/view/ViewContext.java | 12 + 37 files changed, 1638 insertions(+), 99 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/11336361/ambari-server/src/main/java/org/apache/ambari/server/api/resources/ResourceInstanceFactoryImpl.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/api/resources/ResourceInstanceFactoryImpl.java b/ambari-server/src/main/java/org/apache/ambari/server/api/resources/ResourceInstanceFactoryImpl.java index 892ac22..5399404 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/api/resources/ResourceInstanceFactoryImpl.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/api/resources/ResourceInstanceFactoryImpl.java @@ -254,6 +254,10 @@ public class ResourceInstanceFactoryImpl implements ResourceInstanceFactory { resourceDefinition = new PrivilegeResourceDefinition(Resource.Type.ViewPrivilege); break; + case ViewPermission: + resourceDefinition = new ViewPermissionResourceDefinition(); + break; + default: throw new IllegalArgumentException("Unsupported resource type: " + type); } http://git-wip-us.apache.org/repos/asf/ambari/blob/11336361/ambari-server/src/main/java/org/apache/ambari/server/api/resources/ViewPermissionResourceDefinition.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/api/resources/ViewPermissionResourceDefinition.java b/ambari-server/src/main/java/org/apache/ambari/server/api/resources/ViewPermissionResourceDefinition.java new file mode 100644 index 0000000..1ff360d --- /dev/null +++ b/ambari-server/src/main/java/org/apache/ambari/server/api/resources/ViewPermissionResourceDefinition.java @@ -0,0 +1,58 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ambari.server.api.resources; + +import org.apache.ambari.server.controller.spi.Resource; + +import java.util.Collections; +import java.util.Set; + + +/** + * Permission resource definition. + */ +public class ViewPermissionResourceDefinition extends BaseResourceDefinition { + + // ----- Constructors ------------------------------------------------------ + + /** + * Construct a permission resource definition. + */ + public ViewPermissionResourceDefinition() { + super(Resource.Type.ViewPermission); + } + + + // ----- ResourceDefinition ------------------------------------------------ + + @Override + public String getPluralName() { + return "permissions"; + } + + @Override + public String getSingularName() { + return "permission"; + } + + @Override + public Set<SubResourceDefinition> getSubResourceDefinitions() { + return Collections.emptySet(); + } +} http://git-wip-us.apache.org/repos/asf/ambari/blob/11336361/ambari-server/src/main/java/org/apache/ambari/server/api/resources/ViewVersionResourceDefinition.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/api/resources/ViewVersionResourceDefinition.java b/ambari-server/src/main/java/org/apache/ambari/server/api/resources/ViewVersionResourceDefinition.java index e67a50b..be21d1b 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/api/resources/ViewVersionResourceDefinition.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/api/resources/ViewVersionResourceDefinition.java @@ -20,7 +20,7 @@ package org.apache.ambari.server.api.resources; import org.apache.ambari.server.controller.spi.Resource; -import java.util.Collections; +import java.util.HashSet; import java.util.Set; @@ -53,6 +53,9 @@ public class ViewVersionResourceDefinition extends BaseResourceDefinition { @Override public Set<SubResourceDefinition> getSubResourceDefinitions() { - return Collections.singleton(new SubResourceDefinition(Resource.Type.ViewInstance)); + Set<SubResourceDefinition> subResourceDefinitions = new HashSet<SubResourceDefinition>(); + subResourceDefinitions.add(new SubResourceDefinition(Resource.Type.ViewInstance)); + subResourceDefinitions.add(new SubResourceDefinition(Resource.Type.ViewPermission)); + return subResourceDefinitions; } } http://git-wip-us.apache.org/repos/asf/ambari/blob/11336361/ambari-server/src/main/java/org/apache/ambari/server/api/services/ViewPermissionService.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/api/services/ViewPermissionService.java b/ambari-server/src/main/java/org/apache/ambari/server/api/services/ViewPermissionService.java new file mode 100644 index 0000000..711e85b --- /dev/null +++ b/ambari-server/src/main/java/org/apache/ambari/server/api/services/ViewPermissionService.java @@ -0,0 +1,185 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ambari.server.api.services; + +import org.apache.ambari.server.api.resources.ResourceInstance; +import org.apache.ambari.server.controller.spi.Resource; + +import javax.ws.rs.DELETE; +import javax.ws.rs.GET; +import javax.ws.rs.POST; +import javax.ws.rs.PUT; +import javax.ws.rs.Path; +import javax.ws.rs.PathParam; +import javax.ws.rs.Produces; +import javax.ws.rs.core.Context; +import javax.ws.rs.core.HttpHeaders; +import javax.ws.rs.core.Response; +import javax.ws.rs.core.UriInfo; +import java.util.HashMap; +import java.util.Map; + + +/** + * Service responsible for custom view permission resource requests. + */ +public class ViewPermissionService extends BaseService { + + /** + * Parent view name. + */ + private final String viewName; + + /** + * The view version. + */ + private final String version; + + + // ----- Constructors ------------------------------------------------------ + + /** + * Construct a view permission service. + * + * @param viewName the view id + * @param version the version + */ + public ViewPermissionService(String viewName, String version) { + this.viewName = viewName; + this.version = version; + } + + + // ----- ViewPermissionService ----------------------------------------------- + + /** + * Handles: GET /permissions/{permissionID} + * Get a specific permission. + * + * @param headers http headers + * @param ui uri info + * @param permissionId permission id + * + * @return permission instance representation + */ + @GET + @Path("{permissionId}") + @Produces("text/plain") + public Response getPermission(@Context HttpHeaders headers, @Context UriInfo ui, + @PathParam("permissionId") String permissionId) { + + return handleRequest(headers, null, ui, Request.Type.GET, createPermissionResource( + viewName, version, permissionId)); + } + + /** + * Handles: GET /permissions + * Get all permissions. + * + * @param headers http headers + * @param ui uri info + * + * @return permission collection resource representation + */ + @GET + @Produces("text/plain") + public Response getPermissions(@Context HttpHeaders headers, @Context UriInfo ui) { + return handleRequest(headers, null, ui, Request.Type.GET, createPermissionResource( + viewName, version, null)); + } + + /** + * Handles: POST /permissions/{permissionID} + * Create a specific permission. + * + * @param headers http headers + * @param ui uri info + * @param permissionId permission id + * + * @return information regarding the created permission + */ + @POST + @Path("{permissionId}") + @Produces("text/plain") + public Response createPermission(String body, @Context HttpHeaders headers, @Context UriInfo ui, + @PathParam("permissionId") String permissionId) { + + return handleRequest(headers, body, ui, Request.Type.POST, createPermissionResource( + viewName, version, permissionId)); + } + + /** + * Handles: PUT /permissions/{permissionID} + * Update a specific permission. + * + * @param headers http headers + * @param ui uri info + * @param permissionId permission id + * + * @return information regarding the updated permission + */ + @PUT + @Path("{permissionId}") + @Produces("text/plain") + public Response updatePermission(String body, @Context HttpHeaders headers, @Context UriInfo ui, + @PathParam("permissionId") String permissionId) { + + return handleRequest(headers, body, ui, Request.Type.PUT, createPermissionResource( + viewName, version, permissionId)); + } + + /** + * Handles: DELETE /permissions/{permissionID} + * Delete a specific permission. + * + * @param headers http headers + * @param ui uri info + * @param permissionId permission id + * + * @return information regarding the deleted permission + */ + @DELETE + @Path("{permissionId}") + @Produces("text/plain") + public Response deletePermission(@Context HttpHeaders headers, @Context UriInfo ui, + @PathParam("permissionId") String permissionId) { + + return handleRequest(headers, null, ui, Request.Type.DELETE, createPermissionResource( + viewName, version, permissionId)); + } + + + // ----- helper methods ---------------------------------------------------- + + /** + * Create a permission resource. + * + * @param permissionId permission name + * + * @return a permission resource instance + */ + protected ResourceInstance createPermissionResource(String viewName, String viewVersion, String permissionId) { + Map<Resource.Type,String> mapIds = new HashMap<Resource.Type, String>(); + mapIds.put(Resource.Type.View, viewName); + mapIds.put(Resource.Type.ViewVersion, viewVersion); + mapIds.put(Resource.Type.ViewPermission, permissionId); + + return createResource(Resource.Type.ViewPermission, mapIds); + } +} http://git-wip-us.apache.org/repos/asf/ambari/blob/11336361/ambari-server/src/main/java/org/apache/ambari/server/api/services/ViewVersionService.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/api/services/ViewVersionService.java b/ambari-server/src/main/java/org/apache/ambari/server/api/services/ViewVersionService.java index 0dac300..8152ae6 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/api/services/ViewVersionService.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/api/services/ViewVersionService.java @@ -166,6 +166,19 @@ public class ViewVersionService extends BaseService { return new ViewInstanceService(viewName, version); } + /** + * Get the permissions sub-resource + * + * @param version the version + * + * @return the permission service + */ + @Path("{version}/permissions") + public ViewPermissionService getPermissionHandler(@PathParam("version") String version) { + + return new ViewPermissionService(viewName, version); + } + // ----- helper methods ---------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/11336361/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java index 6803a01..eb34a77 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/AmbariServer.java @@ -53,12 +53,14 @@ import org.apache.ambari.server.controller.internal.PrivilegeResourceProvider; import org.apache.ambari.server.controller.internal.RecommendationResourceProvider; import org.apache.ambari.server.controller.internal.StackDefinedPropertyProvider; import org.apache.ambari.server.controller.internal.StackDependencyResourceProvider; +import org.apache.ambari.server.controller.internal.ViewPermissionResourceProvider; import org.apache.ambari.server.controller.nagios.NagiosPropertyProvider; import org.apache.ambari.server.orm.GuiceJpaInitializer; import org.apache.ambari.server.orm.PersistenceType; import org.apache.ambari.server.orm.dao.AlertDefinitionDAO; import org.apache.ambari.server.orm.dao.BlueprintDAO; import org.apache.ambari.server.orm.dao.GroupDAO; +import org.apache.ambari.server.orm.dao.MemberDAO; import org.apache.ambari.server.orm.dao.MetainfoDAO; import org.apache.ambari.server.orm.dao.PermissionDAO; import org.apache.ambari.server.orm.dao.PrincipalDAO; @@ -541,11 +543,14 @@ public class AmbariServer { ClusterResourceProvider.init(injector.getInstance(BlueprintDAO.class), ambariMetaInfo); AlertDefinitionResourceProvider.init(injector.getInstance(AlertDefinitionDAO.class)); PermissionResourceProvider.init(injector.getInstance(PermissionDAO.class)); + ViewPermissionResourceProvider.init(injector.getInstance(PermissionDAO.class)); PrivilegeResourceProvider.init(injector.getInstance(PrivilegeDAO.class), injector.getInstance(UserDAO.class), injector.getInstance(GroupDAO.class), injector.getInstance(PrincipalDAO.class), injector.getInstance(PermissionDAO.class), injector.getInstance(ResourceDAO.class)); ViewRegistry.init(injector.getInstance(ViewDAO.class), injector.getInstance(ViewInstanceDAO.class), - injector.getInstance(ResourceDAO.class), injector.getInstance(ResourceTypeDAO.class)); + injector.getInstance(ResourceDAO.class), injector.getInstance(ResourceTypeDAO.class), + injector.getInstance(UserDAO.class), injector.getInstance(MemberDAO.class), + injector.getInstance(PrivilegeDAO.class)); } /** http://git-wip-us.apache.org/repos/asf/ambari/blob/11336361/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/DefaultProviderModule.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/DefaultProviderModule.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/DefaultProviderModule.java index 1d20075..88e4296 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/DefaultProviderModule.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/DefaultProviderModule.java @@ -75,6 +75,8 @@ public class DefaultProviderModule extends AbstractProviderModule { return new AmbariPrivilegeResourceProvider(); case ViewPrivilege: return new ViewPrivilegeResourceProvider(); + case ViewPermission: + return new ViewPermissionResourceProvider(); default: return AbstractControllerResourceProvider.getResourceProvider(type, propertyIds, keyPropertyIds, managementController); http://git-wip-us.apache.org/repos/asf/ambari/blob/11336361/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/PrivilegeResourceProvider.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/PrivilegeResourceProvider.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/PrivilegeResourceProvider.java index c7476e5..d04345b 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/PrivilegeResourceProvider.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/PrivilegeResourceProvider.java @@ -40,6 +40,7 @@ import org.apache.ambari.server.orm.entities.GroupEntity; import org.apache.ambari.server.orm.entities.PrincipalEntity; import org.apache.ambari.server.orm.entities.PrincipalTypeEntity; import org.apache.ambari.server.orm.entities.PrivilegeEntity; +import org.apache.ambari.server.orm.entities.ResourceEntity; import org.apache.ambari.server.orm.entities.UserEntity; import java.util.Collections; @@ -303,22 +304,26 @@ public abstract class PrivilegeResourceProvider<T> extends AbstractResourceProvi * @return the new privilege entity */ protected PrivilegeEntity toEntity(Map<String, Object> properties, Long resourceId) { - PrivilegeEntity entity = new PrivilegeEntity(); + PrivilegeEntity entity = new PrivilegeEntity(); + String permissionName = (String) properties.get(PERMISSION_NAME_PROPERTY_ID); + ResourceEntity resourceEntity = resourceDAO.findById(resourceId); - String permissionName = (String) properties.get(PERMISSION_NAME_PROPERTY_ID); - - entity.setPermission(permissionDAO.findPermissionByName(permissionName)); - entity.setResource(resourceDAO.findById(resourceId)); + entity.setResource(resourceEntity); + entity.setPermission(permissionDAO.findPermissionByNameAndType(permissionName, resourceEntity.getResourceType())); String principalName = (String) properties.get(PRINCIPAL_NAME_PROPERTY_ID); String principalType = (String) properties.get(PRINCIPAL_TYPE_PROPERTY_ID); if (PrincipalTypeEntity.GROUP_PRINCIPAL_TYPE_NAME.equalsIgnoreCase(principalType)) { GroupEntity groupEntity = groupDAO.findGroupByName(principalName); - entity.setPrincipal(principalDAO.findById(groupEntity.getPrincipal().getId())); + if (groupEntity != null) { + entity.setPrincipal(principalDAO.findById(groupEntity.getPrincipal().getId())); + } } else if (PrincipalTypeEntity.USER_PRINCIPAL_TYPE_NAME.equalsIgnoreCase(principalType)) { UserEntity userEntity = userDAO.findLocalUserByName(principalName); - entity.setPrincipal(principalDAO.findById(userEntity.getPrincipal().getId())); + if (userEntity != null) { + entity.setPrincipal(principalDAO.findById(userEntity.getPrincipal().getId())); + } } return entity; } @@ -335,6 +340,10 @@ public abstract class PrivilegeResourceProvider<T> extends AbstractResourceProvi PrivilegeEntity entity = toEntity(properties, resourceId); + if (entity.getPrincipal() == null) { + throw new AmbariException("Can't find principal " + properties.get(PRINCIPAL_TYPE_PROPERTY_ID) + + " " + properties.get(PRINCIPAL_NAME_PROPERTY_ID) + " for privilege."); + } if (privilegeDAO.exists(entity)) { throw new DuplicateResourceException("The privilege already exists."); } http://git-wip-us.apache.org/repos/asf/ambari/blob/11336361/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ViewPermissionResourceProvider.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ViewPermissionResourceProvider.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ViewPermissionResourceProvider.java new file mode 100644 index 0000000..547692d --- /dev/null +++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/internal/ViewPermissionResourceProvider.java @@ -0,0 +1,178 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ambari.server.controller.internal; + +import org.apache.ambari.server.controller.spi.NoSuchParentResourceException; +import org.apache.ambari.server.controller.spi.NoSuchResourceException; +import org.apache.ambari.server.controller.spi.Predicate; +import org.apache.ambari.server.controller.spi.Request; +import org.apache.ambari.server.controller.spi.RequestStatus; +import org.apache.ambari.server.controller.spi.Resource; +import org.apache.ambari.server.controller.spi.ResourceAlreadyExistsException; +import org.apache.ambari.server.controller.spi.SystemException; +import org.apache.ambari.server.controller.spi.UnsupportedPropertyException; +import org.apache.ambari.server.orm.dao.PermissionDAO; +import org.apache.ambari.server.orm.entities.PermissionEntity; +import org.apache.ambari.server.orm.entities.ResourceTypeEntity; +import org.apache.ambari.server.orm.entities.ViewEntity; +import org.apache.ambari.server.view.ViewRegistry; + +import java.util.HashMap; +import java.util.HashSet; +import java.util.Map; +import java.util.Set; + +/** + * Resource provider for custom view permissions. + */ +public class ViewPermissionResourceProvider extends AbstractResourceProvider { + + /** + * Data access object used to obtain permission entities. + */ + protected static PermissionDAO permissionDAO; + + /** + * Permission property id constants. + */ + public static final String VIEW_NAME_PROPERTY_ID = "PermissionInfo/view_name"; + public static final String VIEW_VERSION_PROPERTY_ID = "PermissionInfo/version"; + public static final String PERMISSION_ID_PROPERTY_ID = "PermissionInfo/permission_id"; + public static final String PERMISSION_NAME_PROPERTY_ID = "PermissionInfo/permission_name"; + public static final String RESOURCE_NAME_PROPERTY_ID = "PermissionInfo/resource_name"; + + + /** + * The key property ids for a permission resource. + */ + private static Map<Resource.Type, String> keyPropertyIds = new HashMap<Resource.Type, String>(); + static { + keyPropertyIds.put(Resource.Type.View, VIEW_NAME_PROPERTY_ID); + keyPropertyIds.put(Resource.Type.ViewVersion, VIEW_VERSION_PROPERTY_ID); + keyPropertyIds.put(Resource.Type.ViewPermission, PERMISSION_ID_PROPERTY_ID); + } + + /** + * The property ids for a permission resource. + */ + private static Set<String> propertyIds = new HashSet<String>(); + static { + propertyIds.add(VIEW_NAME_PROPERTY_ID); + propertyIds.add(VIEW_VERSION_PROPERTY_ID); + propertyIds.add(PERMISSION_ID_PROPERTY_ID); + propertyIds.add(PERMISSION_NAME_PROPERTY_ID); + propertyIds.add(RESOURCE_NAME_PROPERTY_ID); + } + + + // ----- Constructors ------------------------------------------------------ + + /** + * Construct a permission resource provider. + */ + public ViewPermissionResourceProvider() { + super(propertyIds, keyPropertyIds); + } + + + // ----- PermissionResourceProvider ---------------------------------------- + + /** + * Static initialization. + * + * @param dao permission data access object + */ + public static void init(PermissionDAO dao) { + permissionDAO = dao; + } + + + // ----- ResourceProvider -------------------------------------------------- + + @Override + public RequestStatus createResources(Request request) + throws SystemException, UnsupportedPropertyException, + ResourceAlreadyExistsException, NoSuchParentResourceException { + throw new UnsupportedOperationException("Not supported."); + } + + @Override + public Set<Resource> getResources(Request request, Predicate predicate) + throws SystemException, UnsupportedPropertyException, NoSuchResourceException, NoSuchParentResourceException { + ViewRegistry viewRegistry = ViewRegistry.getInstance(); + Set<Resource> resources = new HashSet<Resource>(); + Set<String> requestedIds = getRequestPropertyIds(request, predicate); + + for(PermissionEntity permissionEntity : permissionDAO.findAll()){ + ResourceTypeEntity resourceType = permissionEntity.getResourceType(); + + ViewEntity viewEntity = viewRegistry.getDefinition(resourceType); + + if (viewEntity != null) { + resources.add(toResource(permissionEntity, resourceType, viewEntity, requestedIds)); + } + } + + return resources; + } + + @Override + public RequestStatus updateResources(Request request, Predicate predicate) + throws SystemException, UnsupportedPropertyException, NoSuchResourceException, NoSuchParentResourceException { + throw new UnsupportedOperationException("Not supported."); + } + + @Override + public RequestStatus deleteResources(Predicate predicate) + throws SystemException, UnsupportedPropertyException, NoSuchResourceException, NoSuchParentResourceException { + throw new UnsupportedOperationException("Not supported."); + } + + @Override + public Map<Resource.Type, String> getKeyPropertyIds() { + return keyPropertyIds; + } + + + // ----- AbstractResourceProvider ------------------------------------------ + + @Override + protected Set<String> getPKPropertyIds() { + return new HashSet<String>(keyPropertyIds.values()); + } + + + // ----- helper methods ---------------------------------------------------- + + // convert the given permission entity to a resource + private Resource toResource(PermissionEntity entity, ResourceTypeEntity resourceType, + ViewEntity viewEntity, Set<String> requestedIds) { + + Resource resource = new ResourceImpl(Resource.Type.ViewPermission); + + setResourceProperty(resource, VIEW_NAME_PROPERTY_ID, viewEntity.getCommonName(), requestedIds); + setResourceProperty(resource, VIEW_VERSION_PROPERTY_ID, viewEntity.getVersion(), requestedIds); + + setResourceProperty(resource, PERMISSION_ID_PROPERTY_ID, entity.getId(), requestedIds); + setResourceProperty(resource, PERMISSION_NAME_PROPERTY_ID, entity.getPermissionName(), requestedIds); + setResourceProperty(resource, RESOURCE_NAME_PROPERTY_ID, resourceType.getName(), requestedIds); + + return resource; + } +} http://git-wip-us.apache.org/repos/asf/ambari/blob/11336361/ambari-server/src/main/java/org/apache/ambari/server/controller/spi/Resource.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/controller/spi/Resource.java b/ambari-server/src/main/java/org/apache/ambari/server/controller/spi/Resource.java index 50519cc..c6cc95b 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/controller/spi/Resource.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/controller/spi/Resource.java @@ -115,7 +115,8 @@ public interface Resource { AlertDefinition, AmbariPrivilege, ClusterPrivilege, - ViewPrivilege; + ViewPrivilege, + ViewPermission; /** * Get the {@link Type} that corresponds to this InternalType. @@ -192,6 +193,7 @@ public interface Resource { public static final Type AmbariPrivilege = InternalType.AmbariPrivilege.getType(); public static final Type ClusterPrivilege = InternalType.ClusterPrivilege.getType(); public static final Type ViewPrivilege = InternalType.ViewPrivilege.getType(); + public static final Type ViewPermission = InternalType.ViewPermission.getType(); /** * The type name. http://git-wip-us.apache.org/repos/asf/ambari/blob/11336361/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/MemberDAO.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/MemberDAO.java b/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/MemberDAO.java index b4e015d..5788b81 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/MemberDAO.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/MemberDAO.java @@ -29,6 +29,7 @@ import com.google.inject.Inject; import com.google.inject.Provider; import com.google.inject.Singleton; import com.google.inject.persist.Transactional; +import org.apache.ambari.server.orm.entities.UserEntity; @Singleton public class MemberDAO { @@ -44,7 +45,13 @@ public class MemberDAO { @RequiresSession public List<MemberEntity> findAll() { - final TypedQuery<MemberEntity> query = entityManagerProvider.get().createQuery("SELECT member FROM MemberEntity member", MemberEntity.class); + final TypedQuery<MemberEntity> query = entityManagerProvider.get().createQuery("SELECT m FROM MemberEntity m", MemberEntity.class); + return daoUtils.selectList(query); + } + + public List<MemberEntity> findAllMembersByUser(UserEntity userEntity) { + TypedQuery<MemberEntity> query = entityManagerProvider.get().createQuery("SELECT m FROM MemberEntity m WHERE m.user = :userEntity", MemberEntity.class); + query.setParameter("userEntity", userEntity); return daoUtils.selectList(query); } http://git-wip-us.apache.org/repos/asf/ambari/blob/11336361/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/PermissionDAO.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/PermissionDAO.java b/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/PermissionDAO.java index c00b47a..0ab5af8 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/PermissionDAO.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/PermissionDAO.java @@ -22,9 +22,9 @@ import com.google.inject.Inject; import com.google.inject.Provider; import com.google.inject.Singleton; import org.apache.ambari.server.orm.entities.PermissionEntity; +import org.apache.ambari.server.orm.entities.ResourceTypeEntity; import javax.persistence.EntityManager; -import javax.persistence.NoResultException; import javax.persistence.TypedQuery; import java.util.List; @@ -58,24 +58,22 @@ public class PermissionDAO { * @return all entities or an empty List */ public List<PermissionEntity> findAll() { - TypedQuery<PermissionEntity> query = entityManagerProvider.get().createQuery("SELECT resource FROM PermissionEntity resource", PermissionEntity.class); + TypedQuery<PermissionEntity> query = entityManagerProvider.get().createQuery("SELECT p FROM PermissionEntity p", PermissionEntity.class); return daoUtils.selectList(query); } /** - * Find a permission entity by name. + * Find a permission entity by name and type. * - * @param name the permission name + * @param name the permission name + * @param resourceType the resource type * * @return a matching permission entity or null */ - public PermissionEntity findPermissionByName(String name) { - final TypedQuery<PermissionEntity> query = entityManagerProvider.get().createNamedQuery("permissionByName", PermissionEntity.class); + public PermissionEntity findPermissionByNameAndType(String name, ResourceTypeEntity resourceType) { + TypedQuery<PermissionEntity> query = entityManagerProvider.get().createQuery("SELECT p FROM PermissionEntity p WHERE p.permissionName=:permissionname AND p.resourceType=:resourcetype", PermissionEntity.class); query.setParameter("permissionname", name); - try { - return query.getSingleResult(); - } catch (NoResultException e) { - return null; - } + query.setParameter("resourcetype", resourceType); + return daoUtils.selectSingle(query); } } http://git-wip-us.apache.org/repos/asf/ambari/blob/11336361/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/PrivilegeDAO.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/PrivilegeDAO.java b/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/PrivilegeDAO.java index de18031..7fed17b 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/PrivilegeDAO.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/orm/dao/PrivilegeDAO.java @@ -22,7 +22,10 @@ import com.google.inject.Inject; import com.google.inject.Provider; import com.google.inject.Singleton; import com.google.inject.persist.Transactional; +import org.apache.ambari.server.orm.entities.PermissionEntity; +import org.apache.ambari.server.orm.entities.PrincipalEntity; import org.apache.ambari.server.orm.entities.PrivilegeEntity; +import org.apache.ambari.server.orm.entities.ResourceEntity; import javax.persistence.EntityManager; import javax.persistence.TypedQuery; @@ -63,19 +66,33 @@ public class PrivilegeDAO { } /** - * Determine whether or not the given privilege entity already exists. + * Determine whether or not the given privilege entity exists. * * @param entity the privilege entity * * @return true if the given privilege entity already exists */ public boolean exists(PrivilegeEntity entity) { + return exists(entity.getPrincipal(), entity.getResource(), entity.getPermission()); + } + + /** + * Determine whether or not the privilege entity exists defined by the given principal, resource and + * permission exists. + * + * @param principalEntity the principal entity + * @param resourceEntity the resource entity + * @param permissionEntity the permission entity + * + * @return true if the privilege entity already exists + */ + public boolean exists(PrincipalEntity principalEntity, ResourceEntity resourceEntity, PermissionEntity permissionEntity) { TypedQuery<PrivilegeEntity> query = entityManagerProvider.get().createQuery( "SELECT privilege FROM PrivilegeEntity privilege WHERE privilege.principal = :principal AND privilege.resource = :resource AND privilege.permission = :permission", PrivilegeEntity.class); - query.setParameter("principal", entity.getPrincipal()); - query.setParameter("resource", entity.getResource()); - query.setParameter("permission", entity.getPermission()); + query.setParameter("principal", principalEntity); + query.setParameter("resource", resourceEntity); + query.setParameter("permission", permissionEntity); List<PrivilegeEntity> privilegeEntities = daoUtils.selectList(query); return !(privilegeEntities == null || privilegeEntities.isEmpty()); http://git-wip-us.apache.org/repos/asf/ambari/blob/11336361/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PermissionEntity.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PermissionEntity.java b/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PermissionEntity.java index a770f1d..8889bde 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PermissionEntity.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/PermissionEntity.java @@ -43,10 +43,6 @@ import javax.persistence.TableGenerator; , initialValue = 5 , allocationSize = 1 ) - -@NamedQueries({ - @NamedQuery(name = "permissionByName", query = "SELECT permission_entity FROM PermissionEntity permission_entity where permission_entity.permissionName=:permissionname") -}) public class PermissionEntity { /** @@ -137,17 +133,14 @@ public class PermissionEntity { PermissionEntity that = (PermissionEntity) o; - if (!id.equals(that.id)) return false; - if (permissionName != null ? !permissionName.equals(that.permissionName) : that.permissionName != null) - return false; - if (resourceType != null ? !resourceType.equals(that.resourceType) : that.resourceType != null) return false; - - return true; + return !(id != null ? !id.equals(that.id) : that.id != null) && + !(permissionName != null ? !permissionName.equals(that.permissionName) : that.permissionName != null) && + !(resourceType != null ? !resourceType.equals(that.resourceType) : that.resourceType != null); } @Override public int hashCode() { - int result = id.hashCode(); + int result = id != null ? id.hashCode() : 0; result = 31 * result + (permissionName != null ? permissionName.hashCode() : 0); result = 31 * result + (resourceType != null ? resourceType.hashCode() : 0); return result; http://git-wip-us.apache.org/repos/asf/ambari/blob/11336361/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/ResourceTypeEntity.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/ResourceTypeEntity.java b/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/ResourceTypeEntity.java index 9842a6a..1fdb737 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/ResourceTypeEntity.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/ResourceTypeEntity.java @@ -99,5 +99,26 @@ public class ResourceTypeEntity { public void setName(String name) { this.name = name; } + + + // ----- Object overrides -------------------------------------------------- + + @Override + public boolean equals(Object o) { + if (this == o) return true; + if (o == null || getClass() != o.getClass()) return false; + + ResourceTypeEntity that = (ResourceTypeEntity) o; + + return !(id != null ? !id.equals(that.id) : that.id != null) && !(name != null ? + !name.equals(that.name) : that.name != null); + } + + @Override + public int hashCode() { + int result = id != null ? id.hashCode() : 0; + result = 31 * result + (name != null ? name.hashCode() : 0); + return result; + } } http://git-wip-us.apache.org/repos/asf/ambari/blob/11336361/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/ViewEntity.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/ViewEntity.java b/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/ViewEntity.java index 59d87aa..da6e2d2 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/ViewEntity.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/orm/entities/ViewEntity.java @@ -121,6 +121,18 @@ public class ViewEntity implements ViewDefinition { @OneToMany(cascade = CascadeType.ALL, mappedBy = "view") private Collection<ViewInstanceEntity> instances = new HashSet<ViewInstanceEntity>(); + /** + * The list of view permissions. + */ + @OneToMany(cascade = CascadeType.ALL) + @JoinColumns({ + @JoinColumn(name = "resource_type_id", referencedColumnName = "resource_type_id", nullable = false), + }) + private Collection<PermissionEntity> permissions = new HashSet<PermissionEntity>(); + + /** + * The resource type. + */ @ManyToOne @JoinColumns({ @JoinColumn(name = "resource_type_id", referencedColumnName = "resource_type_id", nullable = false), @@ -352,6 +364,41 @@ public class ViewEntity implements ViewDefinition { } /** + * Get the view custom permissions. + * + * @return the view permissions + */ + public Collection<PermissionEntity> getPermissions() { + return permissions; + } + + /** + * Set the custom view permissions. + * + * @param permissions the permissions + */ + public void setPermissions(Collection<PermissionEntity> permissions) { + this.permissions = permissions; + } + + /** + * Get the permission entity for the given permission name. + * + * @param permissionName the permission name + * + * @return the matching permission entity or null + */ + public PermissionEntity getPermission(String permissionName) { + + for (PermissionEntity permissionEntity : permissions) { + if (permissionEntity.getPermissionName().equals(permissionName)) { + return permissionEntity; + } + } + return null; + } + + /** * Get the view resources. * * @return the view resources http://git-wip-us.apache.org/repos/asf/ambari/blob/11336361/ambari-server/src/main/java/org/apache/ambari/server/view/ViewContextImpl.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/view/ViewContextImpl.java b/ambari-server/src/main/java/org/apache/ambari/server/view/ViewContextImpl.java index 6426575..d36ad6e 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/view/ViewContextImpl.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/view/ViewContextImpl.java @@ -21,13 +21,19 @@ package org.apache.ambari.server.view; import com.google.inject.Guice; import com.google.inject.Injector; import org.apache.ambari.server.configuration.ComponentSSLConfiguration; +import org.apache.ambari.server.orm.entities.PermissionEntity; import org.apache.ambari.server.orm.entities.ViewEntity; import org.apache.ambari.server.orm.entities.ViewInstanceEntity; +import org.apache.ambari.server.view.configuration.ParameterConfig; +import org.apache.ambari.server.view.configuration.ViewConfig; import org.apache.ambari.server.view.events.EventImpl; import org.apache.ambari.server.view.persistence.DataStoreImpl; import org.apache.ambari.server.view.persistence.DataStoreModule; import org.apache.ambari.view.DataStore; +import org.apache.ambari.view.MaskException; +import org.apache.ambari.view.Masker; import org.apache.ambari.view.ResourceProvider; +import org.apache.ambari.view.SecurityException; import org.apache.ambari.view.URLStreamProvider; import org.apache.ambari.view.ViewContext; import org.apache.ambari.view.ViewController; @@ -35,6 +41,9 @@ import org.apache.ambari.view.ViewDefinition; import org.apache.ambari.view.ViewInstanceDefinition; import org.apache.ambari.view.events.Event; import org.apache.ambari.view.events.Listener; +import org.apache.commons.lang.StringUtils; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; import org.apache.velocity.VelocityContext; import org.apache.velocity.app.Velocity; import org.apache.velocity.exception.ParseErrorException; @@ -51,14 +60,6 @@ import java.util.List; import java.util.Map; import java.util.Map.Entry; -import org.apache.ambari.server.view.configuration.ParameterConfig; -import org.apache.ambari.server.view.configuration.ViewConfig; -import org.apache.ambari.view.MaskException; -import org.apache.ambari.view.Masker; -import org.apache.commons.lang.StringUtils; -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; - /** * View context implementation. */ @@ -239,6 +240,32 @@ public class ViewContextImpl implements ViewContext, ViewController { } @Override + public void hasPermission(String userName, String permissionName) throws org.apache.ambari.view.SecurityException { + + if (userName == null || userName.length() == 0) { + throw new SecurityException("No user name specified."); + } + + if (permissionName == null || permissionName.length() == 0) { + throw new SecurityException("No permission name specified."); + } + + if (viewInstanceEntity == null) { + throw new SecurityException("There is no instance associated with the view context"); + } + + PermissionEntity permissionEntity = viewEntity.getPermission(permissionName); + + if (permissionEntity == null) { + throw new SecurityException("The permission " + permissionName + " is not defined for " + viewEntity.getName()); + } + + if (!viewRegistry.hasPermission(permissionEntity, viewInstanceEntity.getResource(), userName)) { + throw new SecurityException("The user " + userName + " has not been granted permission " + permissionName); + } + } + + @Override public URLStreamProvider getURLStreamProvider() { return streamProvider; } http://git-wip-us.apache.org/repos/asf/ambari/blob/11336361/ambari-server/src/main/java/org/apache/ambari/server/view/ViewRegistry.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/view/ViewRegistry.java b/ambari-server/src/main/java/org/apache/ambari/server/view/ViewRegistry.java index 4859836..7b7d9a4 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/view/ViewRegistry.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/view/ViewRegistry.java @@ -29,12 +29,19 @@ import org.apache.ambari.server.api.services.ViewExternalSubResourceService; import org.apache.ambari.server.api.services.ViewSubResourceService; import org.apache.ambari.server.configuration.Configuration; import org.apache.ambari.server.controller.spi.Resource; +import org.apache.ambari.server.orm.dao.MemberDAO; +import org.apache.ambari.server.orm.dao.PrivilegeDAO; import org.apache.ambari.server.orm.dao.ResourceDAO; import org.apache.ambari.server.orm.dao.ResourceTypeDAO; +import org.apache.ambari.server.orm.dao.UserDAO; import org.apache.ambari.server.orm.dao.ViewDAO; import org.apache.ambari.server.orm.dao.ViewInstanceDAO; +import org.apache.ambari.server.orm.entities.GroupEntity; +import org.apache.ambari.server.orm.entities.MemberEntity; +import org.apache.ambari.server.orm.entities.PermissionEntity; import org.apache.ambari.server.orm.entities.ResourceEntity; import org.apache.ambari.server.orm.entities.ResourceTypeEntity; +import org.apache.ambari.server.orm.entities.UserEntity; import org.apache.ambari.server.orm.entities.ViewEntity; import org.apache.ambari.server.orm.entities.ViewEntityEntity; import org.apache.ambari.server.orm.entities.ViewInstanceDataEntity; @@ -44,6 +51,7 @@ import org.apache.ambari.server.orm.entities.ViewResourceEntity; import org.apache.ambari.server.view.configuration.EntityConfig; import org.apache.ambari.server.view.configuration.InstanceConfig; import org.apache.ambari.server.view.configuration.ParameterConfig; +import org.apache.ambari.server.view.configuration.PermissionConfig; import org.apache.ambari.server.view.configuration.PersistenceConfig; import org.apache.ambari.server.view.configuration.PropertyConfig; import org.apache.ambari.server.view.configuration.ResourceConfig; @@ -164,6 +172,21 @@ public class ViewRegistry { */ private static ResourceTypeDAO resourceTypeDAO; + /** + * User data access object. + */ + private static UserDAO userDAO; + + /** + * Group member data access object. + */ + private static MemberDAO memberDAO; + + /** + * Privilege data access object. + */ + private static PrivilegeDAO privilegeDAO; + // ----- Constructors ------------------------------------------------------ @@ -198,6 +221,23 @@ public class ViewRegistry { } /** + * Get the view definition for the given resource type. + * + * @param resourceTypeEntity the resource type + * + * @return the view definition for the given resource type or null + */ + public ViewEntity getDefinition(ResourceTypeEntity resourceTypeEntity) { + + for (ViewEntity viewEntity : viewDefinitions.values()) { + if (viewEntity.getResourceType().equals(resourceTypeEntity)) { + return viewEntity; + } + } + return null; + } + + /** * Add a view definition to the registry. * * @param definition the definition @@ -605,6 +645,43 @@ public class ViewRegistry { listeners.add(listener); } + /** + * Determine whether or not the access specified by the given permission + * is permitted for the given user on the view instance identified by + * the given resource. + * + * @param permissionEntity the permission entity + * @param resourceEntity the resource entity + * @param userName the user name + * + * @return true if the access specified by the given permission + * is permitted for the given user. + */ + public boolean hasPermission(PermissionEntity permissionEntity, ResourceEntity resourceEntity, String userName) { + + UserEntity userEntity = userDAO.findLocalUserByName(userName); + + if (userEntity == null) { + return false; + } + + if (privilegeDAO.exists(userEntity.getPrincipal(), resourceEntity, permissionEntity)) { + return true; + } + + List<MemberEntity> memberEntities = memberDAO.findAllMembersByUser(userEntity); + + for (MemberEntity memberEntity : memberEntities) { + + GroupEntity groupEntity = memberEntity.getGroup(); + + if (privilegeDAO.exists(groupEntity.getPrincipal(), resourceEntity, permissionEntity)) { + return true; + } + } + return false; + } + // ----- helper methods ---------------------------------------------------- @@ -700,6 +777,24 @@ public class ViewRegistry { } viewDefinition.setResources(resources); } + + ResourceTypeEntity resourceTypeEntity = new ResourceTypeEntity(); + resourceTypeEntity.setName(viewDefinition.getName()); + + viewDefinition.setResourceType(resourceTypeEntity); + + List<PermissionConfig> permissionConfigurations = viewConfig.getPermissions(); + + Collection<PermissionEntity> permissions = new HashSet<PermissionEntity>(); + for (PermissionConfig permissionConfiguration : permissionConfigurations) { + PermissionEntity permissionEntity = new PermissionEntity(); + + permissionEntity.setPermissionName(permissionConfiguration.getName()); + permissionEntity.setResourceType(resourceTypeEntity); + permissions.add(permissionEntity); + } + viewDefinition.setPermissions(permissions); + View view = null; if (viewConfig.getView() != null) { view = getView(viewConfig.getViewClass(cl), new ViewContextImpl(viewDefinition, this)); @@ -774,6 +869,10 @@ public class ViewRegistry { setPersistenceEntities(viewInstanceDefinition); + ResourceEntity resourceEntity = new ResourceEntity(); + resourceEntity.setResourceType(viewDefinition.getResourceType()); + viewInstanceDefinition.setResource(resourceEntity); + viewDefinition.addInstanceDefinition(viewInstanceDefinition); } @@ -885,35 +984,8 @@ public class ViewRegistry { if (LOG.isDebugEnabled()) { LOG.debug("Creating View " + viewName + "."); } - // get or create an admin resource type to represent this view - ResourceTypeEntity resourceTypeEntity = resourceTypeDAO.findByName(viewName); - if (resourceTypeEntity == null) { - resourceTypeEntity = new ResourceTypeEntity(); - resourceTypeEntity.setName(view.getName()); - resourceTypeDAO.create(resourceTypeEntity); - } - - view.setResourceType(resourceTypeEntity); - - for( ViewInstanceEntity instance : view.getInstances()) { - - // create an admin resource to represent this view instance - ResourceEntity resourceEntity = new ResourceEntity(); - resourceEntity.setResourceType(resourceTypeEntity); - resourceDAO.create(resourceEntity); - - instance.setResource(resourceEntity); - } // ... merge it - viewDAO.merge(view); - - persistedView = viewDAO.findByName(viewName); - if (persistedView == null) { - String message = "View " + persistedView.getViewName() + " can not be found."; - - LOG.error(message); - throw new IllegalStateException(message); - } + persistedView = viewDAO.merge(view); } Map<String, ViewInstanceEntity> instanceEntityMap = new HashMap<String, ViewInstanceEntity>(); @@ -921,6 +993,9 @@ public class ViewRegistry { instanceEntityMap.put(instance.getName(), instance); } + view.setResourceType(persistedView.getResourceType()); + view.setPermissions(persistedView.getPermissions()); + // make sure that each instance of the view in the db is reflected in the given view for (ViewInstanceEntity persistedInstance : persistedView.getInstances()){ String instanceName = persistedInstance.getName(); @@ -947,9 +1022,7 @@ public class ViewRegistry { instance.setProperties(persistedInstance.getProperties()); instance.setEntities(persistedInstance.getEntities()); - if (instance.getResource() == null) { - instance.setResource(persistedInstance.getResource()); - } + instance.setResource(persistedInstance.getResource()); } // these instances appear in the archive but have been deleted @@ -1078,12 +1151,20 @@ public class ViewRegistry { * @param instanceDAO view instance data access object * @param resourceDAO resource data access object * @param resourceTypeDAO resource type data access object + * @param userDAO user data access object + * @param memberDAO group member data access object + * @param privilegeDAO the privilege data access object */ - public static void init(ViewDAO viewDAO, ViewInstanceDAO instanceDAO, ResourceDAO resourceDAO, ResourceTypeDAO resourceTypeDAO) { + public static void init(ViewDAO viewDAO, ViewInstanceDAO instanceDAO, ResourceDAO resourceDAO, + ResourceTypeDAO resourceTypeDAO, UserDAO userDAO, MemberDAO memberDAO, + PrivilegeDAO privilegeDAO) { setViewDAO(viewDAO); setInstanceDAO(instanceDAO); setResourceDAO(resourceDAO); setResourceTypeDAO(resourceTypeDAO); + setUserDAO(userDAO); + setMemberDAO(memberDAO); + setPrivilegeDAO(privilegeDAO); } /** @@ -1122,6 +1203,33 @@ public class ViewRegistry { ViewRegistry.resourceTypeDAO = resourceTypeDAO; } + /** + * Set the user DAO. + * + * @param userDAO the user DAO + */ + protected static void setUserDAO(UserDAO userDAO) { + ViewRegistry.userDAO = userDAO; + } + + /** + * Set the group member DAO. + * + * @param memberDAO the group member DAO + */ + protected static void setMemberDAO(MemberDAO memberDAO) { + ViewRegistry.memberDAO = memberDAO; + } + + /** + * Set the privilege DAO. + * + * @param privilegeDAO the privilege DAO + */ + protected static void setPrivilegeDAO(PrivilegeDAO privilegeDAO) { + ViewRegistry.privilegeDAO = privilegeDAO; + } + // ----- inner class : ViewRegistryHelper ---------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/11336361/ambari-server/src/main/java/org/apache/ambari/server/view/configuration/PermissionConfig.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/view/configuration/PermissionConfig.java b/ambari-server/src/main/java/org/apache/ambari/server/view/configuration/PermissionConfig.java new file mode 100644 index 0000000..07d1b53 --- /dev/null +++ b/ambari-server/src/main/java/org/apache/ambari/server/view/configuration/PermissionConfig.java @@ -0,0 +1,39 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ambari.server.view.configuration; + +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; + +/** + * View custom permission configuration. + */ +@XmlAccessorType(XmlAccessType.FIELD) +public class PermissionConfig { + private String name; + private String description; + + public String getName() { + return name; + } + + public String getDescription() { + return description; + } +} http://git-wip-us.apache.org/repos/asf/ambari/blob/11336361/ambari-server/src/main/java/org/apache/ambari/server/view/configuration/ViewConfig.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/view/configuration/ViewConfig.java b/ambari-server/src/main/java/org/apache/ambari/server/view/configuration/ViewConfig.java index e084918..ddca446 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/view/configuration/ViewConfig.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/view/configuration/ViewConfig.java @@ -109,6 +109,12 @@ public class ViewConfig { private PersistenceConfig persistence; /** + * The list of view parameters. + */ + @XmlElement(name="permission") + private List<PermissionConfig> permissions; + + /** * Get the unique name. * * @return the view name @@ -241,4 +247,13 @@ public class ViewConfig { public PersistenceConfig getPersistence() { return persistence; } + + /** + * Get the list of custom permissions defined for the view. + * + * @return the list of custom permissions + */ + public List<PermissionConfig> getPermissions() { + return permissions == null ? Collections.<PermissionConfig>emptyList() : permissions; + } } http://git-wip-us.apache.org/repos/asf/ambari/blob/11336361/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql index f3cac2e..cf51a49 100644 --- a/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql +++ b/ambari-server/src/main/resources/Ambari-DDL-MySQL-CREATE.sql @@ -129,6 +129,7 @@ ALTER TABLE viewentity ADD CONSTRAINT FK_viewentity_view_name FOREIGN KEY (view_ ALTER TABLE adminresource ADD CONSTRAINT FK_resource_resource_type_id FOREIGN KEY (resource_type_id) REFERENCES adminresourcetype(resource_type_id); ALTER TABLE adminprincipal ADD CONSTRAINT FK_principal_principal_type_id FOREIGN KEY (principal_type_id) REFERENCES adminprincipaltype(principal_type_id); ALTER TABLE adminpermission ADD CONSTRAINT FK_permission_resource_type_id FOREIGN KEY (resource_type_id) REFERENCES adminresourcetype(resource_type_id); +ALTER TABLE adminpermission ADD CONSTRAINT UQ_permission_name_resource_type_id UNIQUE (permission_name, resource_type_id); ALTER TABLE adminprivilege ADD CONSTRAINT FK_privilege_permission_id FOREIGN KEY (permission_id) REFERENCES adminpermission(permission_id); ALTER TABLE adminprivilege ADD CONSTRAINT FK_privilege_resource_id FOREIGN KEY (resource_id) REFERENCES adminresource(resource_id); ALTER TABLE viewmain ADD CONSTRAINT FK_view_resource_type_id FOREIGN KEY (resource_type_id) REFERENCES adminresourcetype(resource_type_id); http://git-wip-us.apache.org/repos/asf/ambari/blob/11336361/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql index 2328ffc..c05affd 100644 --- a/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql +++ b/ambari-server/src/main/resources/Ambari-DDL-Oracle-CREATE.sql @@ -119,6 +119,7 @@ ALTER TABLE viewentity ADD CONSTRAINT FK_viewentity_view_name FOREIGN KEY (view_ ALTER TABLE adminresource ADD CONSTRAINT FK_resource_resource_type_id FOREIGN KEY (resource_type_id) REFERENCES adminresourcetype(resource_type_id); ALTER TABLE adminprincipal ADD CONSTRAINT FK_principal_principal_type_id FOREIGN KEY (principal_type_id) REFERENCES adminprincipaltype(principal_type_id); ALTER TABLE adminpermission ADD CONSTRAINT FK_permission_resource_type_id FOREIGN KEY (resource_type_id) REFERENCES adminresourcetype(resource_type_id); +ALTER TABLE adminpermission ADD CONSTRAINT UQ_permission_name_resource_type_id UNIQUE (permission_name, resource_type_id); ALTER TABLE adminprivilege ADD CONSTRAINT FK_privilege_permission_id FOREIGN KEY (permission_id) REFERENCES adminpermission(permission_id); ALTER TABLE adminprivilege ADD CONSTRAINT FK_privilege_resource_id FOREIGN KEY (resource_id) REFERENCES adminresource(resource_id); ALTER TABLE viewmain ADD CONSTRAINT FK_view_resource_type_id FOREIGN KEY (resource_type_id) REFERENCES adminresourcetype(resource_type_id); http://git-wip-us.apache.org/repos/asf/ambari/blob/11336361/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql index 43addca..82335e3 100644 --- a/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql +++ b/ambari-server/src/main/resources/Ambari-DDL-Postgres-CREATE.sql @@ -152,6 +152,7 @@ ALTER TABLE viewentity ADD CONSTRAINT FK_viewentity_view_name FOREIGN KEY (view_ ALTER TABLE adminresource ADD CONSTRAINT FK_resource_resource_type_id FOREIGN KEY (resource_type_id) REFERENCES adminresourcetype(resource_type_id); ALTER TABLE adminprincipal ADD CONSTRAINT FK_principal_principal_type_id FOREIGN KEY (principal_type_id) REFERENCES adminprincipaltype(principal_type_id); ALTER TABLE adminpermission ADD CONSTRAINT FK_permission_resource_type_id FOREIGN KEY (resource_type_id) REFERENCES adminresourcetype(resource_type_id); +ALTER TABLE adminpermission ADD CONSTRAINT UQ_permission_name_resource_type_id UNIQUE (permission_name, resource_type_id); ALTER TABLE adminprivilege ADD CONSTRAINT FK_privilege_permission_id FOREIGN KEY (permission_id) REFERENCES adminpermission(permission_id); ALTER TABLE adminprivilege ADD CONSTRAINT FK_privilege_resource_id FOREIGN KEY (resource_id) REFERENCES adminresource(resource_id); ALTER TABLE viewmain ADD CONSTRAINT FK_view_resource_type_id FOREIGN KEY (resource_type_id) REFERENCES adminresourcetype(resource_type_id); http://git-wip-us.apache.org/repos/asf/ambari/blob/11336361/ambari-server/src/main/resources/Ambari-DDL-Postgres-EMBEDDED-CREATE.sql ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/resources/Ambari-DDL-Postgres-EMBEDDED-CREATE.sql b/ambari-server/src/main/resources/Ambari-DDL-Postgres-EMBEDDED-CREATE.sql index 2fc99be..b5fcd94 100644 --- a/ambari-server/src/main/resources/Ambari-DDL-Postgres-EMBEDDED-CREATE.sql +++ b/ambari-server/src/main/resources/Ambari-DDL-Postgres-EMBEDDED-CREATE.sql @@ -215,6 +215,7 @@ ALTER TABLE ambari.viewentity ADD CONSTRAINT FK_viewentity_view_name FOREIGN KEY ALTER TABLE ambari.adminresource ADD CONSTRAINT FK_resource_resource_type_id FOREIGN KEY (resource_type_id) REFERENCES adminresourcetype(resource_type_id); ALTER TABLE ambari.adminprincipal ADD CONSTRAINT FK_principal_principal_type_id FOREIGN KEY (principal_type_id) REFERENCES adminprincipaltype(principal_type_id); ALTER TABLE ambari.adminpermission ADD CONSTRAINT FK_permission_resource_type_id FOREIGN KEY (resource_type_id) REFERENCES adminresourcetype(resource_type_id); +ALTER TABLE ambari.adminpermission ADD CONSTRAINT UQ_permission_name_resource_type_id UNIQUE (permission_name, resource_type_id); ALTER TABLE ambari.adminprivilege ADD CONSTRAINT FK_privilege_permission_id FOREIGN KEY (permission_id) REFERENCES adminpermission(permission_id); ALTER TABLE ambari.adminprivilege ADD CONSTRAINT FK_privilege_resource_id FOREIGN KEY (resource_id) REFERENCES adminresource(resource_id); ALTER TABLE viewmain ADD CONSTRAINT FK_view_resource_type_id FOREIGN KEY (resource_type_id) REFERENCES adminresourcetype(resource_type_id); http://git-wip-us.apache.org/repos/asf/ambari/blob/11336361/ambari-server/src/test/java/org/apache/ambari/server/api/resources/ViewPermissionResourceDefinitionTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/api/resources/ViewPermissionResourceDefinitionTest.java b/ambari-server/src/test/java/org/apache/ambari/server/api/resources/ViewPermissionResourceDefinitionTest.java new file mode 100644 index 0000000..fbb20f2 --- /dev/null +++ b/ambari-server/src/test/java/org/apache/ambari/server/api/resources/ViewPermissionResourceDefinitionTest.java @@ -0,0 +1,49 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ambari.server.api.resources; + +import org.junit.Assert; +import org.junit.Test; + +import java.util.Set; + +/** + * ViewPermissionResourceDefinition tests. + */ +public class ViewPermissionResourceDefinitionTest { + @Test + public void testGetPluralName() throws Exception { + ViewPermissionResourceDefinition ViewPermissionResourceDefinition = new ViewPermissionResourceDefinition(); + Assert.assertEquals("permissions", ViewPermissionResourceDefinition.getPluralName()); + } + + @Test + public void testGetSingularName() throws Exception { + ViewPermissionResourceDefinition ViewPermissionResourceDefinition = new ViewPermissionResourceDefinition(); + Assert.assertEquals("permission", ViewPermissionResourceDefinition.getSingularName()); + } + + @Test + public void testGetSubResourceDefinitions() throws Exception { + ViewPermissionResourceDefinition ViewPermissionResourceDefinition = new ViewPermissionResourceDefinition(); + Set<SubResourceDefinition> subResourceDefinitions = ViewPermissionResourceDefinition.getSubResourceDefinitions (); + + Assert.assertTrue(subResourceDefinitions.isEmpty()); + } +} http://git-wip-us.apache.org/repos/asf/ambari/blob/11336361/ambari-server/src/test/java/org/apache/ambari/server/api/resources/ViewVersionResourceDefinitionTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/api/resources/ViewVersionResourceDefinitionTest.java b/ambari-server/src/test/java/org/apache/ambari/server/api/resources/ViewVersionResourceDefinitionTest.java index 32c13b3..d83c902 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/api/resources/ViewVersionResourceDefinitionTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/api/resources/ViewVersionResourceDefinitionTest.java @@ -44,8 +44,11 @@ public class ViewVersionResourceDefinitionTest { ViewVersionResourceDefinition viewVersionResourceDefinition = new ViewVersionResourceDefinition(); Set<SubResourceDefinition> subResourceDefinitions = viewVersionResourceDefinition.getSubResourceDefinitions (); - Assert.assertEquals(1, subResourceDefinitions.size()); + Assert.assertEquals(2, subResourceDefinitions.size()); - Assert.assertEquals("ViewInstance", subResourceDefinitions.iterator().next().getType().name()); + for (SubResourceDefinition subResourceDefinition : subResourceDefinitions) { + String name = subResourceDefinition.getType().name(); + Assert.assertTrue(name.equals("ViewInstance") || name.equals("ViewPermission")); + } } } http://git-wip-us.apache.org/repos/asf/ambari/blob/11336361/ambari-server/src/test/java/org/apache/ambari/server/api/services/ViewPermissionServiceTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/api/services/ViewPermissionServiceTest.java b/ambari-server/src/test/java/org/apache/ambari/server/api/services/ViewPermissionServiceTest.java new file mode 100644 index 0000000..f841be9 --- /dev/null +++ b/ambari-server/src/test/java/org/apache/ambari/server/api/services/ViewPermissionServiceTest.java @@ -0,0 +1,100 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ambari.server.api.services; + +import org.apache.ambari.server.api.resources.ResourceInstance; +import org.apache.ambari.server.api.services.parsers.RequestBodyParser; +import org.apache.ambari.server.api.services.serializers.ResultSerializer; + +import javax.ws.rs.core.HttpHeaders; +import javax.ws.rs.core.UriInfo; +import java.lang.reflect.Method; +import java.util.ArrayList; +import java.util.List; + +import static org.junit.Assert.assertEquals; + +/** + * Unit tests for ViewPermissionService. + */ +public class ViewPermissionServiceTest extends BaseServiceTest { + + + public List<ServiceTestInvocation> getTestInvocations() throws Exception { + List<ServiceTestInvocation> listInvocations = new ArrayList<ServiceTestInvocation>(); + + //getPermission + ViewPermissionService permissionService = new TestViewPermissionService("MY_VIEW", "1.0", "permissionName"); + Method m = permissionService.getClass().getMethod("getPermission", HttpHeaders.class, UriInfo.class, String.class); + Object[] args = new Object[] {getHttpHeaders(), getUriInfo(), "permissionName"}; + listInvocations.add(new ServiceTestInvocation(Request.Type.GET, permissionService, m, args, null)); + + //getPermissions + permissionService = new TestViewPermissionService("MY_VIEW", "1.0",null); + m = permissionService.getClass().getMethod("getPermissions", HttpHeaders.class, UriInfo.class); + args = new Object[] {getHttpHeaders(), getUriInfo()}; + listInvocations.add(new ServiceTestInvocation(Request.Type.GET, permissionService, m, args, null)); + + //createPermission + permissionService = new TestViewPermissionService("MY_VIEW", "1.0","permissionName"); + m = permissionService.getClass().getMethod("createPermission", String.class, HttpHeaders.class, UriInfo.class, String.class); + args = new Object[] {"body", getHttpHeaders(), getUriInfo(), "permissionName"}; + listInvocations.add(new ServiceTestInvocation(Request.Type.POST, permissionService, m, args, "body")); + + //deletePermission + permissionService = new TestViewPermissionService("MY_VIEW", "1.0","permissionName"); + m = permissionService.getClass().getMethod("deletePermission", HttpHeaders.class, UriInfo.class, String.class); + args = new Object[] {getHttpHeaders(), getUriInfo(), "permissionName"}; + listInvocations.add(new ServiceTestInvocation(Request.Type.DELETE, permissionService, m, args, null)); + + return listInvocations; + } + + + private class TestViewPermissionService extends ViewPermissionService { + private String permissionId; + + private TestViewPermissionService(String viewName, String version, String permissionId) { + + super(viewName, version); + this.permissionId = permissionId; + } + + @Override + protected ResourceInstance createPermissionResource(String viewName, String viewVersion, String permissionId) { + assertEquals(this.permissionId, permissionId); + return getTestResource(); + } + + @Override + RequestFactory getRequestFactory() { + return getTestRequestFactory(); + } + + @Override + protected RequestBodyParser getBodyParser() { + return getTestBodyParser(); + } + + @Override + protected ResultSerializer getResultSerializer() { + return getTestResultSerializer(); + } + } +} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/11336361/ambari-server/src/test/java/org/apache/ambari/server/view/ViewRegistryTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/view/ViewRegistryTest.java b/ambari-server/src/test/java/org/apache/ambari/server/view/ViewRegistryTest.java index 5bd5c38..fbe1c90 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/view/ViewRegistryTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/view/ViewRegistryTest.java @@ -22,8 +22,11 @@ import org.apache.ambari.server.api.resources.SubResourceDefinition; import org.apache.ambari.server.configuration.Configuration; import org.apache.ambari.server.controller.spi.Resource; import org.apache.ambari.server.controller.spi.ResourceProvider; +import org.apache.ambari.server.orm.dao.MemberDAO; +import org.apache.ambari.server.orm.dao.PrivilegeDAO; import org.apache.ambari.server.orm.dao.ResourceDAO; import org.apache.ambari.server.orm.dao.ResourceTypeDAO; +import org.apache.ambari.server.orm.dao.UserDAO; import org.apache.ambari.server.orm.dao.ViewDAO; import org.apache.ambari.server.orm.dao.ViewInstanceDAO; import org.apache.ambari.server.orm.entities.ResourceEntity; @@ -175,12 +178,22 @@ public class ViewRegistryTest { ViewRegistry.setViewDAO(vDAO); ViewEntity viewDefinition = ViewEntityTest.getViewEntity(); + viewDefinition.setResourceType(resourceTypeEntity); - viewDefinition.setInstances(ViewInstanceEntityTest.getViewInstanceEntities(viewDefinition)); + Set<ViewInstanceEntity> viewInstanceEntities = ViewInstanceEntityTest.getViewInstanceEntities(viewDefinition); + viewDefinition.setInstances(viewInstanceEntities); Map<File, ViewConfig> viewConfigs = Collections.singletonMap(viewArchive, viewDefinition.getConfiguration()); + long resourceId = 99L; + for (ViewInstanceEntity viewInstanceEntity : viewInstanceEntities) { + ResourceEntity resourceEntity = new ResourceEntity(); + resourceEntity.setId(resourceId); + resourceEntity.setResourceType(resourceTypeEntity); + viewInstanceEntity.setResource(resourceEntity); + } + Map<String, File> files = new HashMap<String, File>(); files.put("/var/lib/ambari-server/resources/views/work", extractedArchiveDir); @@ -242,17 +255,10 @@ public class ViewRegistryTest { Capture<ViewEntity> captureViewEntity = new Capture<ViewEntity>(); expect(vDAO.findByName("MY_VIEW{1.0.0}")).andReturn(null); - expect(vDAO.merge(capture(captureViewEntity))).andReturn(null); - expect(vDAO.findByName("MY_VIEW{1.0.0}")).andReturn(viewDefinition); + expect(vDAO.merge(capture(captureViewEntity))).andReturn(viewDefinition); expect(vDAO.findAll()).andReturn(Collections.<ViewEntity>emptyList()); - expect(rtDAO.findByName("MY_VIEW{1.0.0}")).andReturn(resourceTypeEntity); - - Capture<ResourceEntity> resourceEntityCapture = new Capture<ResourceEntity>(); - rDAO.create(capture(resourceEntityCapture)); - rDAO.create(capture(resourceEntityCapture)); - // replay mocks replay(configuration, viewDir, extractedArchiveDir, viewArchive, archiveDir, entryFile, classesDir, libDir, fileEntry, viewJarFile, enumeration, jarEntry, is, fos, vDAO, rtDAO, rDAO); @@ -305,10 +311,22 @@ public class ViewRegistryTest { ViewRegistry.setViewDAO(vDAO); ViewEntity viewDefinition = ViewEntityTest.getViewEntity(); + viewDefinition.setResourceType(resourceTypeEntity); + + Set<ViewInstanceEntity> viewInstanceEntities = ViewInstanceEntityTest.getViewInstanceEntities(viewDefinition); + viewDefinition.setInstances(viewInstanceEntities); Map<File, ViewConfig> viewConfigs = Collections.singletonMap(viewArchive, viewDefinition.getConfiguration()); + long resourceId = 99L; + for (ViewInstanceEntity viewInstanceEntity : viewInstanceEntities) { + ResourceEntity resourceEntity = new ResourceEntity(); + resourceEntity.setId(resourceId); + resourceEntity.setResourceType(resourceTypeEntity); + viewInstanceEntity.setResource(resourceEntity); + } + Map<String, File> files = new HashMap<String, File>(); files.put("/var/lib/ambari-server/resources/views/work", extractedArchiveDir); @@ -374,11 +392,7 @@ public class ViewRegistryTest { expect(vDAO.findAll()).andReturn(Collections.<ViewEntity>emptyList()); - expect(rtDAO.findByName("MY_VIEW{1.0.0}")).andReturn(resourceTypeEntity); - Capture<ResourceEntity> resourceEntityCapture = new Capture<ResourceEntity>(); - rDAO.create(capture(resourceEntityCapture)); - rDAO.create(capture(resourceEntityCapture)); // replay mocks replay(configuration, viewDir, extractedArchiveDir, viewArchive, archiveDir, entryFile, classesDir, @@ -511,8 +525,11 @@ public class ViewRegistryTest { ViewInstanceDAO viewInstanceDAO = createNiceMock(ViewInstanceDAO.class); ResourceDAO resourceDAO = createNiceMock(ResourceDAO.class); ResourceTypeDAO resourceTypeDAO = createNiceMock(ResourceTypeDAO.class); + UserDAO userDAO = createNiceMock(UserDAO.class); + MemberDAO memberDAO = createNiceMock(MemberDAO.class); + PrivilegeDAO privilegeDAO = createNiceMock(PrivilegeDAO.class); - ViewRegistry.init(viewDAO, viewInstanceDAO, resourceDAO, resourceTypeDAO); + ViewRegistry.init(viewDAO, viewInstanceDAO, resourceDAO, resourceTypeDAO, userDAO, memberDAO, privilegeDAO); ViewRegistry registry = ViewRegistry.getInstance(); @@ -549,8 +566,11 @@ public class ViewRegistryTest { ViewInstanceDAO viewInstanceDAO = createNiceMock(ViewInstanceDAO.class); ResourceDAO resourceDAO = createNiceMock(ResourceDAO.class); ResourceTypeDAO resourceTypeDAO = createNiceMock(ResourceTypeDAO.class); + UserDAO userDAO = createNiceMock(UserDAO.class); + MemberDAO memberDAO = createNiceMock(MemberDAO.class); + PrivilegeDAO privilegeDAO = createNiceMock(PrivilegeDAO.class); - ViewRegistry.init(viewDAO, viewInstanceDAO, resourceDAO, resourceTypeDAO); + ViewRegistry.init(viewDAO, viewInstanceDAO, resourceDAO, resourceTypeDAO, userDAO, memberDAO, privilegeDAO); ViewRegistry registry = ViewRegistry.getInstance(); @@ -582,8 +602,11 @@ public class ViewRegistryTest { ViewInstanceDAO viewInstanceDAO = createNiceMock(ViewInstanceDAO.class); ResourceDAO resourceDAO = createNiceMock(ResourceDAO.class); ResourceTypeDAO resourceTypeDAO = createNiceMock(ResourceTypeDAO.class); + UserDAO userDAO = createNiceMock(UserDAO.class); + MemberDAO memberDAO = createNiceMock(MemberDAO.class); + PrivilegeDAO privilegeDAO = createNiceMock(PrivilegeDAO.class); - ViewRegistry.init(viewDAO, viewInstanceDAO, resourceDAO, resourceTypeDAO); + ViewRegistry.init(viewDAO, viewInstanceDAO, resourceDAO, resourceTypeDAO, userDAO, memberDAO, privilegeDAO); ViewRegistry registry = ViewRegistry.getInstance(); @@ -616,8 +639,11 @@ public class ViewRegistryTest { ViewInstanceDAO viewInstanceDAO = createNiceMock(ViewInstanceDAO.class); ResourceDAO resourceDAO = createNiceMock(ResourceDAO.class); ResourceTypeDAO resourceTypeDAO = createNiceMock(ResourceTypeDAO.class); + UserDAO userDAO = createNiceMock(UserDAO.class); + MemberDAO memberDAO = createNiceMock(MemberDAO.class); + PrivilegeDAO privilegeDAO = createNiceMock(PrivilegeDAO.class); - ViewRegistry.init(viewDAO, viewInstanceDAO, resourceDAO, resourceTypeDAO); + ViewRegistry.init(viewDAO, viewInstanceDAO, resourceDAO, resourceTypeDAO, userDAO, memberDAO, privilegeDAO); ViewRegistry registry = ViewRegistry.getInstance(); @@ -658,8 +684,11 @@ public class ViewRegistryTest { ViewInstanceDAO viewInstanceDAO = createNiceMock(ViewInstanceDAO.class); ResourceDAO resourceDAO = createNiceMock(ResourceDAO.class); ResourceTypeDAO resourceTypeDAO = createNiceMock(ResourceTypeDAO.class); + UserDAO userDAO = createNiceMock(UserDAO.class); + MemberDAO memberDAO = createNiceMock(MemberDAO.class); + PrivilegeDAO privilegeDAO = createNiceMock(PrivilegeDAO.class); - ViewRegistry.init(viewDAO, viewInstanceDAO, resourceDAO, resourceTypeDAO); + ViewRegistry.init(viewDAO, viewInstanceDAO, resourceDAO, resourceTypeDAO, userDAO, memberDAO, privilegeDAO); ViewRegistry registry = ViewRegistry.getInstance(); @@ -698,8 +727,11 @@ public class ViewRegistryTest { ViewInstanceDAO viewInstanceDAO = createNiceMock(ViewInstanceDAO.class); ResourceDAO resourceDAO = createNiceMock(ResourceDAO.class); ResourceTypeDAO resourceTypeDAO = createNiceMock(ResourceTypeDAO.class); + UserDAO userDAO = createNiceMock(UserDAO.class); + MemberDAO memberDAO = createNiceMock(MemberDAO.class); + PrivilegeDAO privilegeDAO = createNiceMock(PrivilegeDAO.class); - ViewRegistry.init(viewDAO, viewInstanceDAO, resourceDAO, resourceTypeDAO); + ViewRegistry.init(viewDAO, viewInstanceDAO, resourceDAO, resourceTypeDAO, userDAO, memberDAO, privilegeDAO); ViewRegistry registry = ViewRegistry.getInstance(); http://git-wip-us.apache.org/repos/asf/ambari/blob/11336361/ambari-server/src/test/java/org/apache/ambari/server/view/configuration/PermissionConfigTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/view/configuration/PermissionConfigTest.java b/ambari-server/src/test/java/org/apache/ambari/server/view/configuration/PermissionConfigTest.java new file mode 100644 index 0000000..2600f17 --- /dev/null +++ b/ambari-server/src/test/java/org/apache/ambari/server/view/configuration/PermissionConfigTest.java @@ -0,0 +1,69 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.ambari.server.view.configuration; + +import org.junit.Assert; +import org.junit.Test; + +import javax.xml.bind.JAXBException; +import java.util.List; + +/** + * EntityConfig tests. + */ +public class PermissionConfigTest { + + private final static String xml = "<view>\n" + + " <name>MY_VIEW</name>\n" + + " <label>My View!</label>\n" + + " <version>1.0.0</version>\n" + + " <instance>\n" + + " <name>INSTANCE1</name>\n" + + " </instance>\n" + + " <permission>\n" + + " <name>RESTRICTED</name>\n" + + " <description>Access permission for a restricted view resource.</description>\n" + + " </permission>" + + "</view>"; + + + @Test + public void testGetName() throws Exception { + List<PermissionConfig> permissions = getPremissionConfig(); + + Assert.assertEquals(1, permissions.size()); + + Assert.assertEquals("RESTRICTED", permissions.get(0).getName()); + } + + @Test + public void testGetDescription() throws Exception { + List<PermissionConfig> permissions = getPremissionConfig(); + + Assert.assertEquals(1, permissions.size()); + + Assert.assertEquals("Access permission for a restricted view resource.", permissions.get(0).getDescription()); + } + + public static List<PermissionConfig> getPremissionConfig() throws JAXBException { + ViewConfig config = ViewConfigTest.getConfig(xml); + + return config.getPermissions(); + } +}