[ https://issues.apache.org/jira/browse/KYLIN-3223?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16357856#comment-16357856 ]
Billy Liu commented on KYLIN-3223: ---------------------------------- Agree. The access check is missing on this API. LGTM. Patch merged at http://git-wip-us.apache.org/repos/asf/kylin/commit/0655dbc3. Thank you, [~seva_ostapenko] > Query for the list of hybrid cubes results in NPE > ------------------------------------------------- > > Key: KYLIN-3223 > URL: https://issues.apache.org/jira/browse/KYLIN-3223 > Project: Kylin > Issue Type: Bug > Components: REST Service > Affects Versions: v2.2.0 > Environment: HDP 2.5.6, Kylin 2.2 > Reporter: Vsevolod Ostapenko > Assignee: Vsevolod Ostapenko > Priority: Major > Fix For: v2.3.0 > > Attachments: > 0001-KYLIN-3223-Query-for-the-list-of-hybrid-cubes-result.patch > > > Calling REST API to get the list of hybrid cubes returns stack trace with NPE > exception. > {quote}curl -u ADMIN:KYLIN -X GET -H 'Content-Type: application/json' -d {} > [http://localhost:7070/kylin/api/hybrids] > {quote} > > If a parameter project without a value is specified, call succeeds. E.g. > {quote}curl -u ADMIN:KYLIN -X GET -H 'Content-Type: application/json' -d {} > [http://localhost:7070/kylin/api/hybrids?project] > {quote} > Quick look at the HybridService.java suggests that there is a bug in the > code, where the very first line tries to check ACLs on the project using the > project name, which is NULL, when project parameter is not specified as part > of the URL. > If parameter is specified without a value, ACL check is not performed, so > it's another bug, as the list of projects is retrieved without read > permission checking. -- This message was sent by Atlassian JIRA (v7.6.3#76005)