This is an automated email from the ASF dual-hosted git repository. liyang pushed a commit to branch kylin5 in repository https://gitbox.apache.org/repos/asf/kylin.git
commit 9f269b527f33911dbad4395f7e8395dc9fdbec96 Author: Liang.Hua <36814772+jacob...@users.noreply.github.com> AuthorDate: Thu Aug 10 13:46:10 2023 +0800 KYLIN-5779 Without project permission,API "/access/acls" throws NPE Co-authored-by: liang.hua <liang....@kyligence.io> --- .../src/main/java/org/apache/kylin/rest/service/AccessService.java | 6 ++++-- .../test/java/org/apache/kylin/rest/service/AclTCRServiceTest.java | 4 ++++ 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/src/common-service/src/main/java/org/apache/kylin/rest/service/AccessService.java b/src/common-service/src/main/java/org/apache/kylin/rest/service/AccessService.java index 9e8da0d29b..54dcf242c8 100644 --- a/src/common-service/src/main/java/org/apache/kylin/rest/service/AccessService.java +++ b/src/common-service/src/main/java/org/apache/kylin/rest/service/AccessService.java @@ -804,7 +804,7 @@ public class AccessService extends BasicService { return AclConstants.ADMINISTRATION; } Map<Sid, Integer> projectPermissions = getProjectPermission(project); - int mask = projectPermissions.get(getSid(groupName, false)); + int mask = projectPermissions.getOrDefault(getSid(groupName, false), 0); return ExternalAclProvider.convertToExternalPermission(mask); } @@ -877,7 +877,9 @@ public class AccessService extends BasicService { SidPermissionWithAclResponse permissionWithAclResponse = principal ? getUserPermissionWithAclResponse(project, userOrGroupName) : getGroupPermissionWithAclResponse(project, userOrGroupName); - sidPermissionWithAclResponse.add(permissionWithAclResponse); + if (!AclConstants.EMPTY.equals(permissionWithAclResponse.getProjectPermission())) { + sidPermissionWithAclResponse.add(permissionWithAclResponse); + } } return sidPermissionWithAclResponse; } diff --git a/src/common-service/src/test/java/org/apache/kylin/rest/service/AclTCRServiceTest.java b/src/common-service/src/test/java/org/apache/kylin/rest/service/AclTCRServiceTest.java index 9af9f92b14..ca41c60de0 100644 --- a/src/common-service/src/test/java/org/apache/kylin/rest/service/AclTCRServiceTest.java +++ b/src/common-service/src/test/java/org/apache/kylin/rest/service/AclTCRServiceTest.java @@ -1334,6 +1334,10 @@ public class AclTCRServiceTest extends NLocalFileMetadataTestCase { responses = accessService.getUserOrGroupAclPermissions(projects, "ANALYST", true); Assert.assertEquals(1, responses.size()); Assert.assertEquals("OPERATION", responses.get(0).getProjectPermission()); + + // test user have not project permission + responses = accessService.getUserOrGroupAclPermissions(Lists.newArrayList("ssb"), "ANALYST", true); + Assert.assertEquals(0, responses.size()); } @Test