GitHub user prasadwagle reopened a pull request:
https://github.com/apache/incubator-zeppelin/pull/681
Notebook Authorization
### What is this PR for?
The goal of the PR is to add authorization for notebooks according to the
design document [here]
(https://gist.github.com/prasadwagle/712b7ca1e0f1f4f1aa20).
The PR uses Shiro authentication.
### What type of PR is it?
Feature
### Todos
* [ ] - Find way to get roles for a user in SecurityUtils (see SHIRO-492)
* [x] - Investigate how to use Shiro authorization
* [x] - Use groups associated with user to determine if operation is
permitted
* [x] - Check if user has permissions to modify note permissions
* [x] - Add checks in more NotebookServer operations
* [x] - Improve UI (explain permissions, error messages)
* [x] - Add unit tests
* [x] - Documentation
### Is there a relevant Jira issue?
ZEPPELIN-549
### How should this be tested?
1. Enable Basic Auth Security by changing conf/shiro.ini.
1. Create a note. By default all operations are allowed by any
authenticated user.
1. Update readers, writers and owners by clicking on the lock icon in the
top right area.
1. Check if users can or cannot perform operations according to the
permissions.
### Screenshots (if appropriate)
### Questions:
* Does the licenses files need update? No
* Is there breaking changes for older versions? No
* Does this needs documentation? No
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/prasadwagle/incubator-zeppelin
notebook_authorization
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/incubator-zeppelin/pull/681.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #681
----
commit 6e85730343399c174090d2cf329bc3407d12e142
Author: Prasad Wagle <[email protected]>
Date: 2016-02-01T06:30:51Z
Notebook Authorization
commit a8d0ecbb8f973a10a60e17f0b27b2c63c6623e78
Author: Prasad Wagle <[email protected]>
Date: 2016-02-05T01:57:19Z
Add security documentation
commit 6b9e27447ddc2b7f58be9bad16cf527521405ce1
Author: Prasad Wagle <[email protected]>
Date: 2016-02-05T02:01:53Z
Add unit test for note permissions
commit 06c5e07c23cdc5f2e95dd8368faf5780f0f0665a
Author: Prasad Wagle <[email protected]>
Date: 2016-02-05T02:02:47Z
Update navigation.html for security docs
commit fbbd04b39e8b0a629c2b6284016c4853c7f6425a
Author: Prasad Wagle <[email protected]>
Date: 2016-02-05T02:04:38Z
Make insufficient privileges error message easier to read
commit 3a5e5c08daae705c5a48a63d4f3b9660a3b7ef17
Author: Prasad Wagle <[email protected]>
Date: 2016-02-05T02:05:18Z
Check if user has permissions to modify note permissions
commit 25543155b2e1b7065493352688836ba1d0d7c9d1
Author: Prasad Wagle <[email protected]>
Date: 2016-02-06T00:26:53Z
Use user and roles for checking note permissions
commit 6c89dbe93d5b3e0c2d86ff892271a25fc1809e9d
Author: Prasad Wagle <[email protected]>
Date: 2016-02-10T21:44:31Z
Implement Moon's suggestions on note permissions background and wildcard
placeholder
commit 1ac076e1a87e6ee11644cf77d78f59d444e82180
Author: Prasad Wagle <[email protected]>
Date: 2016-02-11T04:54:10Z
Fixed typo in _navigation.html and updated interpreter_authorization.md
commit 28ea69763cf2954d8fae84568a974672c65b18a8
Author: Prasad Wagle <[email protected]>
Date: 2016-02-15T22:56:18Z
Fixed issues with security documentation reported by @AhyoungRyu
commit 733530f0fe35e8d0ada2f44653e04060dfdf87d9
Author: Prasad Wagle <[email protected]>
Date: 2016-02-25T21:00:06Z
Minor doc fix
commit 52f491468818634dd6403cfee69f7f3653b2a512
Author: Prasad Wagle <[email protected]>
Date: 2016-02-25T23:22:51Z
Check whether roles is non-empty before adding to userAndRoles
commit 29ebf486fc28d4a1570d59a1efef5dac562ac72e
Author: Prasad Wagle <[email protected]>
Date: 2016-02-25T23:38:23Z
Merge with master
commit 24e8de4a8540da37039b4472e8ab5739e0a320c8
Author: Prasad Wagle <[email protected]>
Date: 2016-02-26T00:01:13Z
Remove duplicate imports
commit e7cffd821dfad92012b6449fccb7a7d64300dc7c
Author: Prasad Wagle <[email protected]>
Date: 2016-02-26T00:54:47Z
Restore anon default in shiro.ini
----
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
