(kylin) 04/18: KYLIN-5779 Without project permission,API "/access/acls" throws NPE

Tue, 09 Apr 2024 07:50:07 -0700 

This is an automated email from the ASF dual-hosted git repository.

liyang pushed a commit to branch kylin5
in repository https://gitbox.apache.org/repos/asf/kylin.git

commit 9f269b527f33911dbad4395f7e8395dc9fdbec96
Author: Liang.Hua <36814772+jacob...@users.noreply.github.com>
AuthorDate: Thu Aug 10 13:46:10 2023 +0800

    KYLIN-5779 Without project permission,API "/access/acls" throws NPE
    
    Co-authored-by: liang.hua <liang....@kyligence.io>
---
 .../src/main/java/org/apache/kylin/rest/service/AccessService.java  | 6 ++++--
 .../test/java/org/apache/kylin/rest/service/AclTCRServiceTest.java  | 4 ++++
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git 
a/src/common-service/src/main/java/org/apache/kylin/rest/service/AccessService.java
 
b/src/common-service/src/main/java/org/apache/kylin/rest/service/AccessService.java
index 9e8da0d29b..54dcf242c8 100644
--- 
a/src/common-service/src/main/java/org/apache/kylin/rest/service/AccessService.java
+++ 
b/src/common-service/src/main/java/org/apache/kylin/rest/service/AccessService.java
@@ -804,7 +804,7 @@ public class AccessService extends BasicService {
             return AclConstants.ADMINISTRATION;
         }
         Map<Sid, Integer> projectPermissions = getProjectPermission(project);
-        int mask = projectPermissions.get(getSid(groupName, false));
+        int mask = projectPermissions.getOrDefault(getSid(groupName, false), 
0);
         return ExternalAclProvider.convertToExternalPermission(mask);
     }
 
@@ -877,7 +877,9 @@ public class AccessService extends BasicService {
             SidPermissionWithAclResponse permissionWithAclResponse = principal
                     ? getUserPermissionWithAclResponse(project, 
userOrGroupName)
                     : getGroupPermissionWithAclResponse(project, 
userOrGroupName);
-            sidPermissionWithAclResponse.add(permissionWithAclResponse);
+            if 
(!AclConstants.EMPTY.equals(permissionWithAclResponse.getProjectPermission())) {
+                sidPermissionWithAclResponse.add(permissionWithAclResponse);
+            }
         }
         return sidPermissionWithAclResponse;
     }
diff --git 
a/src/common-service/src/test/java/org/apache/kylin/rest/service/AclTCRServiceTest.java
 
b/src/common-service/src/test/java/org/apache/kylin/rest/service/AclTCRServiceTest.java
index 9af9f92b14..ca41c60de0 100644
--- 
a/src/common-service/src/test/java/org/apache/kylin/rest/service/AclTCRServiceTest.java
+++ 
b/src/common-service/src/test/java/org/apache/kylin/rest/service/AclTCRServiceTest.java
@@ -1334,6 +1334,10 @@ public class AclTCRServiceTest extends 
NLocalFileMetadataTestCase {
         responses = accessService.getUserOrGroupAclPermissions(projects, 
"ANALYST", true);
         Assert.assertEquals(1, responses.size());
         Assert.assertEquals("OPERATION", 
responses.get(0).getProjectPermission());
+
+        // test user have not project permission
+        responses = 
accessService.getUserOrGroupAclPermissions(Lists.newArrayList("ssb"), 
"ANALYST", true);
+        Assert.assertEquals(0, responses.size());
     }
 
     @Test

Reply via email to