This is an automated email from the ASF dual-hosted git repository. billyliu pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/kylin.git
commit 5807cdf70f8e8215566fcb20ae3b900f20f8ed27 Author: Jiatao Tao <245915...@qq.com> AuthorDate: Tue Feb 6 19:38:31 2018 +0800 minor, check user/group exists when grant access. --- .../org/apache/kylin/rest/controller/AccessController.java | 14 +++++++++++--- .../main/java/org/apache/kylin/rest/util/ValidateUtil.java | 2 +- .../apache/kylin/rest/controller/AccessControllerTest.java | 11 ++++++++--- .../test/java/org/apache/kylin/rest/util/AclUtilTest.java | 4 +++- 4 files changed, 23 insertions(+), 8 deletions(-) diff --git a/server-base/src/main/java/org/apache/kylin/rest/controller/AccessController.java b/server-base/src/main/java/org/apache/kylin/rest/controller/AccessController.java index 7935f77..56cae10 100644 --- a/server-base/src/main/java/org/apache/kylin/rest/controller/AccessController.java +++ b/server-base/src/main/java/org/apache/kylin/rest/controller/AccessController.java @@ -36,6 +36,7 @@ import org.apache.kylin.rest.service.ProjectService; import org.apache.kylin.rest.service.TableACLService; import org.apache.kylin.rest.service.UserService; import org.apache.kylin.rest.util.AclPermissionUtil; +import org.apache.kylin.rest.util.ValidateUtil; import org.springframework.beans.factory.InitializingBean; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; @@ -75,7 +76,10 @@ public class AccessController extends BasicController implements InitializingBea @Qualifier("userService") private UserService userService; - + @Autowired + @Qualifier("validateUtil") + private ValidateUtil validateUtil; + @Override public void afterPropertiesSet() throws Exception { // init ExternalAclProvider @@ -138,9 +142,13 @@ public class AccessController extends BasicController implements InitializingBea */ @RequestMapping(value = "/{type}/{uuid}", method = { RequestMethod.POST }, produces = { "application/json" }) @ResponseBody - public List<AccessEntryResponse> grant(@PathVariable String type, @PathVariable String uuid, @RequestBody AccessRequest accessRequest) { + public List<AccessEntryResponse> grant(@PathVariable String type, @PathVariable String uuid, @RequestBody AccessRequest accessRequest) throws IOException { + boolean isPrincipal = accessRequest.isPrincipal(); + String name = accessRequest.getSid(); + validateUtil.checkIdentifiersExists(name, isPrincipal); + AclEntity ae = accessService.getAclEntity(type, uuid); - Sid sid = accessService.getSid(accessRequest.getSid(), accessRequest.isPrincipal()); + Sid sid = accessService.getSid(name, isPrincipal); Permission permission = AclPermissionFactory.getPermission(accessRequest.getPermission()); Acl acl = accessService.grant(ae, permission, sid); diff --git a/server-base/src/main/java/org/apache/kylin/rest/util/ValidateUtil.java b/server-base/src/main/java/org/apache/kylin/rest/util/ValidateUtil.java index c250da7..1d56a71 100644 --- a/server-base/src/main/java/org/apache/kylin/rest/util/ValidateUtil.java +++ b/server-base/src/main/java/org/apache/kylin/rest/util/ValidateUtil.java @@ -89,7 +89,7 @@ public class ValidateUtil { public void validateIdentifiers(String prj, String name, String type) throws IOException { Set<String> allIdentifiers = getAllIdentifiersInPrj(prj, type); if (!allIdentifiers.contains(name)) { - throw new RuntimeException("Operation failed, identifiers:" + name + " not exists"); + throw new RuntimeException("Operation failed, " + type + ":" + name + " not exists in project."); } } diff --git a/server/src/test/java/org/apache/kylin/rest/controller/AccessControllerTest.java b/server/src/test/java/org/apache/kylin/rest/controller/AccessControllerTest.java index 217b54c..dea37f5 100644 --- a/server/src/test/java/org/apache/kylin/rest/controller/AccessControllerTest.java +++ b/server/src/test/java/org/apache/kylin/rest/controller/AccessControllerTest.java @@ -34,6 +34,7 @@ import org.apache.kylin.rest.security.AclEntityType; import org.apache.kylin.rest.security.AclPermissionType; import org.apache.kylin.rest.security.ManagedUser; import org.apache.kylin.rest.service.CubeService; +import org.apache.kylin.rest.service.IUserGroupService; import org.apache.kylin.rest.service.ProjectService; import org.apache.kylin.rest.service.ServiceTestBase; import org.apache.kylin.rest.service.UserService; @@ -78,6 +79,10 @@ public class AccessControllerTest extends ServiceTestBase implements AclEntityTy @Qualifier("userService") UserService userService; + @Autowired + @Qualifier("userGroupService") + private IUserGroupService userGroupService; + @Before public void setup() throws Exception { super.setup(); @@ -88,11 +93,11 @@ public class AccessControllerTest extends ServiceTestBase implements AclEntityTy } @Test - public void testGetUserPermissionInPrj() { + public void testGetUserPermissionInPrj() throws IOException { List<ProjectInstance> projects = projectController.getProjects(10000, 0); assertTrue(projects.size() > 0); ProjectInstance project = projects.get(0); - ManagedUser user = new ManagedUser("u", "kylin", false, "all_users"); + ManagedUser user = new ManagedUser("u", "kylin", false, "all_users", "g1", "g2", "g3", "g4"); userService.createUser(user); grantPermission("g1", READ, project.getUuid()); @@ -249,7 +254,7 @@ public class AccessControllerTest extends ServiceTestBase implements AclEntityTy return accessRequest; } - private void grantPermission(String sid, String permission, String uuid) { + private void grantPermission(String sid, String permission, String uuid) throws IOException { swichToAdmin(); AccessRequest groupAccessRequest = getAccessRequest(sid, permission, false); accessController.grant(PROJECT_INSTANCE, uuid, groupAccessRequest); diff --git a/server/src/test/java/org/apache/kylin/rest/util/AclUtilTest.java b/server/src/test/java/org/apache/kylin/rest/util/AclUtilTest.java index b8fbe5f..18e5bf5 100644 --- a/server/src/test/java/org/apache/kylin/rest/util/AclUtilTest.java +++ b/server/src/test/java/org/apache/kylin/rest/util/AclUtilTest.java @@ -32,6 +32,8 @@ import org.springframework.security.authentication.TestingAuthenticationToken; import org.springframework.security.core.Authentication; import org.springframework.security.core.context.SecurityContextHolder; +import java.io.IOException; + public class AclUtilTest extends ServiceTestBase { @Autowired AccessController accessController; @@ -40,7 +42,7 @@ public class AclUtilTest extends ServiceTestBase { AclUtil aclUtil; @Test - public void testBasic() { + public void testBasic() throws IOException { final String PROJECT = "default"; final String ANALYST = "ANALYST"; final String ADMIN = "ADMIN"; -- To stop receiving notification emails like this one, please contact billy...@apache.org.