This is an automated email from the ASF dual-hosted git repository. nic pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/kylin.git
The following commit(s) were added to refs/heads/master by this push: new 2384679 KYLIN-4103: Make the user string in granting operation of project is case insensitive 2384679 is described below commit 23846794fef1d6c4eae523869da7c4d2617b540c Author: Liu Shaohui <liushao...@xiaomi.com> AuthorDate: Mon Sep 16 16:05:37 2019 +0800 KYLIN-4103: Make the user string in granting operation of project is case insensitive --- .../apache/kylin/rest/service/AccessService.java | 4 +-- .../kylin/rest/service/AccessServiceTest.java | 31 ++++++++++++++++++++++ 2 files changed, 33 insertions(+), 2 deletions(-) diff --git a/server-base/src/main/java/org/apache/kylin/rest/service/AccessService.java b/server-base/src/main/java/org/apache/kylin/rest/service/AccessService.java index dfac275..e1039e4 100644 --- a/server-base/src/main/java/org/apache/kylin/rest/service/AccessService.java +++ b/server-base/src/main/java/org/apache/kylin/rest/service/AccessService.java @@ -21,9 +21,9 @@ package org.apache.kylin.rest.service; import java.util.ArrayList; import java.util.Collection; import java.util.Collections; -import java.util.HashMap; import java.util.List; import java.util.Map; +import java.util.TreeMap; import org.apache.commons.lang.StringUtils; import org.apache.kylin.common.KylinConfig; @@ -422,7 +422,7 @@ public class AccessService { } private Map<String, Integer> getProjectPermission(String project) { - Map<String, Integer> SidWithPermission = new HashMap<>(); + Map<String, Integer> SidWithPermission = new TreeMap<>(String.CASE_INSENSITIVE_ORDER); String uuid = ProjectManager.getInstance(KylinConfig.getInstanceFromEnv()).getProject(project).getUuid(); AclEntity ae = getAclEntity(AclEntityType.PROJECT_INSTANCE, uuid); diff --git a/server/src/test/java/org/apache/kylin/rest/service/AccessServiceTest.java b/server/src/test/java/org/apache/kylin/rest/service/AccessServiceTest.java index 52f5cd2..b21abcc 100644 --- a/server/src/test/java/org/apache/kylin/rest/service/AccessServiceTest.java +++ b/server/src/test/java/org/apache/kylin/rest/service/AccessServiceTest.java @@ -47,6 +47,9 @@ import org.springframework.security.acls.model.Permission; import org.springframework.security.acls.model.Sid; import com.fasterxml.jackson.core.JsonProcessingException; +import org.springframework.security.authentication.TestingAuthenticationToken; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.context.SecurityContextHolder; /** */ @@ -183,4 +186,32 @@ public class AccessServiceTest extends ServiceTestBase { accessService.grant(ae, AclPermission.OPERATION, sid); } } + + @Test + public void testCaseInsensitiveProjectPermission() { + List<ProjectInstance> projects = projectService.listProjects(10000, 0); + assertTrue(projects.size() > 0); + ProjectInstance project = projects.get(0); + PrincipalSid sid = new PrincipalSid("ANALYST"); + RootPersistentEntity ae = accessService.getAclEntity(PROJECT_INSTANCE, project.getUuid()); + accessService.grant(ae, AclPermission.READ, sid); + Assert.assertEquals(1, accessService.getAcl(ae).getEntries().size()); + + Authentication admin = SecurityContextHolder.getContext().getAuthentication(); + // Upper case username + Authentication analystAuth = new TestingAuthenticationToken("ANALYST", "ANALYST", "ROLE_ANALYST"); + SecurityContextHolder.getContext().setAuthentication(analystAuth); + Assert.assertEquals("ANALYST", SecurityContextHolder.getContext().getAuthentication().getName()); + Assert.assertEquals("READ", accessService.getUserPermissionInPrj(project.getName())); + + // lower case username + analystAuth = new TestingAuthenticationToken("analyst", "ANALYST", "ROLE_ANALYST"); + SecurityContextHolder.getContext().setAuthentication(analystAuth); + Assert.assertEquals("analyst", SecurityContextHolder.getContext().getAuthentication().getName()); + Assert.assertEquals("READ", accessService.getUserPermissionInPrj(project.getName())); + + SecurityContextHolder.getContext().setAuthentication(admin); + accessService.revokeProjectPermission("ANALYST", MetadataConstants.TYPE_USER); + Assert.assertEquals(0, accessService.getAcl(ae).getEntries().size()); + } }