minor, change the way that Table ACL get all tables.
Project: http://git-wip-us.apache.org/repos/asf/kylin/repo Commit: http://git-wip-us.apache.org/repos/asf/kylin/commit/9af6a3f0 Tree: http://git-wip-us.apache.org/repos/asf/kylin/tree/9af6a3f0 Diff: http://git-wip-us.apache.org/repos/asf/kylin/diff/9af6a3f0 Branch: refs/heads/master Commit: 9af6a3f0cd2788b9df412c10c1ac237ff8b6d0ef Parents: a7fd3b1 Author: tttMelody <245915...@qq.com> Authored: Wed Sep 20 16:20:17 2017 +0800 Committer: Jiatao Tao <245915...@qq.com> Committed: Wed Sep 20 16:46:10 2017 +0800 ---------------------------------------------------------------------- .../kylin/query/security/QueryInterceptUtil.java | 13 +++++++------ .../rest/security/QueryWithTableACLTest.java | 18 +++++++++++++++--- 2 files changed, 22 insertions(+), 9 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/kylin/blob/9af6a3f0/query/src/main/java/org/apache/kylin/query/security/QueryInterceptUtil.java ---------------------------------------------------------------------- diff --git a/query/src/main/java/org/apache/kylin/query/security/QueryInterceptUtil.java b/query/src/main/java/org/apache/kylin/query/security/QueryInterceptUtil.java index b6a97e5..fa094db 100644 --- a/query/src/main/java/org/apache/kylin/query/security/QueryInterceptUtil.java +++ b/query/src/main/java/org/apache/kylin/query/security/QueryInterceptUtil.java @@ -24,6 +24,7 @@ import java.util.HashSet; import java.util.List; import java.util.Map; import java.util.Set; +import java.util.TreeSet; import org.apache.calcite.sql.SqlCall; import org.apache.calcite.sql.SqlIdentifier; @@ -38,6 +39,7 @@ import org.apache.kylin.metadata.model.DataModelDesc; import org.apache.kylin.metadata.model.TblColRef; import org.apache.kylin.metadata.model.tool.CalciteParser; import org.apache.kylin.query.relnode.OLAPContext; +import org.apache.kylin.query.relnode.OLAPTableScan; import com.google.common.base.Preconditions; @@ -66,7 +68,7 @@ public class QueryInterceptUtil { public static Set<String> getAllColsWithTblAndSchema(String project, List<OLAPContext> contexts) { // all columns with table and DB. Like DB.TABLE.COLUMN - Set<String> allColWithTblAndSchema = new HashSet<>(); + Set<String> allColWithTblAndSchema = new TreeSet<>(String.CASE_INSENSITIVE_ORDER); for (OLAPContext context : contexts) { for (TblColRef tblColRef : context.allColumns) { @@ -156,12 +158,11 @@ public class QueryInterceptUtil { } public static Set<String> getAllTblsWithSchema(List<OLAPContext> contexts) { - // all tables with DB, Like DB.TABLE, may have same table, so use set. - Set<String> tableWithSchema = new HashSet<>(); + // all tables with DB, Like DB.TABLE + Set<String> tableWithSchema = new TreeSet<>(String.CASE_INSENSITIVE_ORDER); for (OLAPContext context : contexts) { - Set<TblColRef> allColumns = context.allColumns; - for (TblColRef tblColRef : allColumns) { - tableWithSchema.add(tblColRef.getTableWithSchema()); + for (OLAPTableScan tableScan : context.allTableScans) { + tableWithSchema.add(tableScan.getTableRef().getTableIdentity()); } } return tableWithSchema; http://git-wip-us.apache.org/repos/asf/kylin/blob/9af6a3f0/server/src/test/java/org/apache/kylin/rest/security/QueryWithTableACLTest.java ---------------------------------------------------------------------- diff --git a/server/src/test/java/org/apache/kylin/rest/security/QueryWithTableACLTest.java b/server/src/test/java/org/apache/kylin/rest/security/QueryWithTableACLTest.java index 1f3539e..950f586 100644 --- a/server/src/test/java/org/apache/kylin/rest/security/QueryWithTableACLTest.java +++ b/server/src/test/java/org/apache/kylin/rest/security/QueryWithTableACLTest.java @@ -18,6 +18,9 @@ package org.apache.kylin.rest.security; +import java.io.IOException; +import java.sql.SQLException; + import org.apache.kylin.common.KylinConfig; import org.apache.kylin.common.util.LocalFileMetadataTestCase; import org.apache.kylin.metadata.acl.TableACLManager; @@ -30,9 +33,6 @@ import org.junit.Rule; import org.junit.Test; import org.junit.rules.ExpectedException; -import java.io.IOException; -import java.sql.SQLException; - public class QueryWithTableACLTest extends LocalFileMetadataTestCase { private static final String PROJECT = "DEFAULT"; private static final String ADMIN = "ADMIN"; @@ -65,6 +65,18 @@ public class QueryWithTableACLTest extends LocalFileMetadataTestCase { QuerACLTestUtil.mockQuery(PROJECT, "select * from STREAMING_TABLE"); } + @Test + public void testFailQueryWithCountStar() throws SQLException, IOException { + QuerACLTestUtil.setUser(MODELER); + QuerACLTestUtil.mockQuery(PROJECT, "select count(*) from STREAMING_TABLE"); + + QuerACLTestUtil.setUser(ADMIN); + TableACLManager.getInstance(KylinConfig.getInstanceFromEnv()).addTableACL(PROJECT, "ADMIN", STREAMING_TABLE); + thrown.expectCause(CoreMatchers.isA(AccessDeniedException.class)); + thrown.expectMessage(CoreMatchers.containsString("Query failed.Access table:DEFAULT.STREAMING_TABLE denied")); + QuerACLTestUtil.mockQuery(PROJECT, "select count(*) from STREAMING_TABLE"); + } + @After public void after() throws Exception { this.cleanupTestMetadata();