[ambari] branch branch-2.7 updated: AMBARI-25734 :: CLUSTER.USER is able to perform actions through api calls (#3388)

Sun, 23 Oct 2022 12:20:26 -0700 

This is an automated email from the ASF dual-hosted git repository.

brahma pushed a commit to branch branch-2.7
in repository https://gitbox.apache.org/repos/asf/ambari.git


The following commit(s) were added to refs/heads/branch-2.7 by this push:
     new 4c8991cea2 AMBARI-25734 :: CLUSTER.USER is able to perform actions 
through api calls (#3388)
4c8991cea2 is described below

commit 4c8991cea201473421f97960a8781e18687c5e0c
Author: Vishal Suvagia <[email protected]>
AuthorDate: Mon Oct 17 12:42:14 2022 +0530

    AMBARI-25734 :: CLUSTER.USER is able to perform actions through api calls 
(#3388)
    
    (cherry picked from commit fe97683527d29992e88bd41204144ef0714ca1b3)
---
 .../api/services/persistence/PersistenceManagerImpl.java     | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git 
a/ambari-server/src/main/java/org/apache/ambari/server/api/services/persistence/PersistenceManagerImpl.java
 
b/ambari-server/src/main/java/org/apache/ambari/server/api/services/persistence/PersistenceManagerImpl.java
index d04a9484f4..50f65d480c 100644
--- 
a/ambari-server/src/main/java/org/apache/ambari/server/api/services/persistence/PersistenceManagerImpl.java
+++ 
b/ambari-server/src/main/java/org/apache/ambari/server/api/services/persistence/PersistenceManagerImpl.java
@@ -104,6 +104,12 @@ public class PersistenceManagerImpl implements 
PersistenceManager {
   public RequestStatus update(ResourceInstance resource, RequestBody 
requestBody)
       throws UnsupportedPropertyException, SystemException, 
NoSuchParentResourceException, NoSuchResourceException {
 
+    if (!AuthorizationHelper.isAuthorized(ResourceType.CLUSTER, null,
+            EnumSet.of(RoleAuthorization.CLUSTER_MANAGE_USER_PERSISTED_DATA))) 
{
+      throw new AuthorizationException("The authenticated user does not have 
authorization " +
+              "to update/store user persisted data.");
+    }
+
     Map<Resource.Type, String> mapResourceIds = resource.getKeyValueMap();
     Resource.Type type = resource.getResourceDefinition().getType();
     Schema schema = m_controller.getSchema(type);
@@ -129,6 +135,12 @@ public class PersistenceManagerImpl implements 
PersistenceManager {
   public RequestStatus delete(ResourceInstance resource, RequestBody 
requestBody)
       throws UnsupportedPropertyException, SystemException, 
NoSuchParentResourceException, NoSuchResourceException {
     //todo: need to account for multiple resources and user predicate
+    if (!AuthorizationHelper.isAuthorized(ResourceType.CLUSTER, null,
+            EnumSet.of(RoleAuthorization.CLUSTER_MANAGE_USER_PERSISTED_DATA))) 
{
+      throw new AuthorizationException("The authenticated user does not have 
authorization " +
+              "to delete/store user persisted data.");
+    }
+
     return 
m_controller.deleteResources(resource.getResourceDefinition().getType(),
         createControllerRequest(requestBody), 
resource.getQuery().getPredicate());
 


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to