[kylin] 11/12: KYLIN-4103: Make the user string in granting operation of project is case insensitive

Thu, 26 Sep 2019 06:42:17 -0700 

This is an automated email from the ASF dual-hosted git repository.

nic pushed a commit to branch 2.6.x
in repository https://gitbox.apache.org/repos/asf/kylin.git

commit 8698f535fc907425e8d2bc9b0769262e27086f42
Author: Liu Shaohui <liushao...@xiaomi.com>
AuthorDate: Mon Sep 16 16:05:37 2019 +0800

    KYLIN-4103: Make the user string in granting operation of project is case 
insensitive
---
 .../apache/kylin/rest/service/AccessService.java   |  4 +--
 .../kylin/rest/service/AccessServiceTest.java      | 31 ++++++++++++++++++++++
 2 files changed, 33 insertions(+), 2 deletions(-)

diff --git 
a/server-base/src/main/java/org/apache/kylin/rest/service/AccessService.java 
b/server-base/src/main/java/org/apache/kylin/rest/service/AccessService.java
index dfac275..e1039e4 100644
--- a/server-base/src/main/java/org/apache/kylin/rest/service/AccessService.java
+++ b/server-base/src/main/java/org/apache/kylin/rest/service/AccessService.java
@@ -21,9 +21,9 @@ package org.apache.kylin.rest.service;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Collections;
-import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
+import java.util.TreeMap;
 
 import org.apache.commons.lang.StringUtils;
 import org.apache.kylin.common.KylinConfig;
@@ -422,7 +422,7 @@ public class AccessService {
     }
 
     private Map<String, Integer> getProjectPermission(String project) {
-        Map<String, Integer> SidWithPermission = new HashMap<>();
+        Map<String, Integer> SidWithPermission = new 
TreeMap<>(String.CASE_INSENSITIVE_ORDER);
 
         String uuid = 
ProjectManager.getInstance(KylinConfig.getInstanceFromEnv()).getProject(project).getUuid();
         AclEntity ae = getAclEntity(AclEntityType.PROJECT_INSTANCE, uuid);
diff --git 
a/server/src/test/java/org/apache/kylin/rest/service/AccessServiceTest.java 
b/server/src/test/java/org/apache/kylin/rest/service/AccessServiceTest.java
index 52f5cd2..b21abcc 100644
--- a/server/src/test/java/org/apache/kylin/rest/service/AccessServiceTest.java
+++ b/server/src/test/java/org/apache/kylin/rest/service/AccessServiceTest.java
@@ -47,6 +47,9 @@ import org.springframework.security.acls.model.Permission;
 import org.springframework.security.acls.model.Sid;
 
 import com.fasterxml.jackson.core.JsonProcessingException;
+import org.springframework.security.authentication.TestingAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
 
 /**
  */
@@ -183,4 +186,32 @@ public class AccessServiceTest extends ServiceTestBase {
             accessService.grant(ae, AclPermission.OPERATION, sid);
         }
     }
+
+    @Test
+    public void testCaseInsensitiveProjectPermission() {
+        List<ProjectInstance> projects = projectService.listProjects(10000, 0);
+        assertTrue(projects.size() > 0);
+        ProjectInstance project = projects.get(0);
+        PrincipalSid sid = new PrincipalSid("ANALYST");
+        RootPersistentEntity ae = accessService.getAclEntity(PROJECT_INSTANCE, 
project.getUuid());
+        accessService.grant(ae, AclPermission.READ, sid);
+        Assert.assertEquals(1, accessService.getAcl(ae).getEntries().size());
+
+        Authentication admin = 
SecurityContextHolder.getContext().getAuthentication();
+        // Upper case username
+        Authentication analystAuth = new TestingAuthenticationToken("ANALYST", 
"ANALYST", "ROLE_ANALYST");
+        SecurityContextHolder.getContext().setAuthentication(analystAuth);
+        Assert.assertEquals("ANALYST",  
SecurityContextHolder.getContext().getAuthentication().getName());
+        Assert.assertEquals("READ", 
accessService.getUserPermissionInPrj(project.getName()));
+
+        // lower case username
+        analystAuth = new TestingAuthenticationToken("analyst", "ANALYST", 
"ROLE_ANALYST");
+        SecurityContextHolder.getContext().setAuthentication(analystAuth);
+        Assert.assertEquals("analyst",  
SecurityContextHolder.getContext().getAuthentication().getName());
+        Assert.assertEquals("READ", 
accessService.getUserPermissionInPrj(project.getName()));
+
+        SecurityContextHolder.getContext().setAuthentication(admin);
+        accessService.revokeProjectPermission("ANALYST", 
MetadataConstants.TYPE_USER);
+        Assert.assertEquals(0, accessService.getAcl(ae).getEntries().size());
+    }
 }

Reply via email to